X509 Certificate validation with AcegiCertificateValidationCallBackHandler
  • X509 Certificate validation with AcegiCertificateValidationCallBackHandler

    Hi,

    I am new to Spring Web Services and Acegi Security, and I am having trouble validating X.509 certificates. The truststore and the keystore appear to be properly configured: the same stores work when I use them with a SAAJ server and a SAAJ client. I am not sure what I need to do to fix this error. Any help will be appreciated. I have included the security config XML below, and this is the error message I am getting:

    Code:
    SEVERE: WSS1364: Unable to validate certificate
    Apr 8, 2008 4:17:23 PM com.sun.xml.wss.impl.dsig.KeySelectorImpl resolve
    SEVERE: WSS1353: Error occurred while resolving key information
    com.sun.xml.wss.impl.WssSoapFaultException: Certificate validation failed
    	at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:318)
    	at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveToken(KeySelectorImpl.java:1237)
    	at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolve(KeySelectorImpl.java:628)
    	at com.sun.xml.wss.impl.dsig.KeySelectorImpl.select(KeySelectorImpl.java:235)
    	at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:494)
    	at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:247)
    	at com.sun.xml.wss.impl.dsig.SignatureProcessor.verify(SignatureProcessor.java:781)
    	at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:457)
    	at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
    	at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:263)
    	at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:848)
    	at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:810)
    	at com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:256)
    	at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:144)
    	at org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor.validateMessage(XwsSecurityInterceptor.java:154)
    	at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:75)
    	at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:207)
    	at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:162)
    	at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:87)
    	at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:57)
    	at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:197)
    	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
    	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    	at org.acegisecurity.ui.x509.X509ProcessingFilter.doFilter(X509ProcessingFilter.java:138)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149)
    	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
    	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    	at java.lang.Thread.run(Unknown Source)
    Apr 8, 2008 4:17:23 PM com.sun.xml.wss.impl.dsig.KeySelectorImpl select
    SEVERE: WSS1352: Exception occured in Key selection
    Here is the xml config for the security:

    HTML Code:
    <!-- ===================== WS-SECURITY SETUP ============================== -->
    	<!-- Inbound WS-Security interceptor. The policy that decides what must be signed
    	     lives in securityPolicy.xml, which is not shown in this post. Two callback
    	     handlers are registered: keyStoreHandler and acegiCertificateHandler.
    	     NOTE(review): presumably a certificate-validation callback is offered to both
    	     handlers, so a rejection by either one would surface as the same XWSS
    	     "Certificate validation failed" fault; confirm by enabling one at a time. -->
    	<bean id="wsSecurityInterceptor"
    		class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    
    		<property name="policyConfiguration"
    			value="classpath:com/mycompany/ws/security/securityPolicy.xml" />
    		<property name="callbackHandlers">
    			<list>
    				<ref bean="keyStoreHandler" />
    				<ref bean="acegiCertificateHandler" />
    			</list>
    		</property>
    	</bean>
    
    
    	<!-- ======================== ACEGI AUTHENTICATION ======================= -->
    
    	<!-- Acegi listener for authentication events. Presumably this writes authentication
    	     successes and failures to the application log, which is where a rejected
    	     certificate login would show up; confirm the log level in use. -->
    	<bean id="loggerListener"
    		class="org.acegisecurity.event.authentication.LoggerListener" />
    		
    		
    	<!-- XWSS callback handler backed by two Java keystores: trustStore (the certificates
    	     this service accepts as signers or issuers) and keyStore (this service's own
    	     key material).
    	     NOTE(review): a "Certificate validation failed" fault is consistent with the
    	     signer's certificate not chaining to an entry in trustStore, or being outside
    	     its validity period; listing the store with "keytool -list -v" shows which
    	     issuers and dates are actually present. -->
    	<bean id="keyStoreHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    		<property name="trustStore" ref="trustStore" />
    		<property name="keyStore" ref="keyStore"/>
        </bean>
    
        <!-- Loads serverks.jks from the classpath.
             NOTE(review): the store password is written inline and is the widely known
             JDK default. This store presumably holds the service's private key (confirm),
             so the password should be changed from the default and supplied from
             configuration kept outside the source tree, for example through a property
             placeholder such as ${keystore.password} (constructed name). Shipping the JKS
             file on the classpath also means anyone with the deployed archive has the
             file; the password is then the only protection. -->
        <bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="classpath:serverks.jks"/>
            <property name="password" value="changeit"/>
        </bean>
    
    	<!-- Loads servercacert.jks from the classpath as the trust store.
    	     NOTE(review): the entries in this file decide which signers the service will
    	     accept, so its integrity matters as much as the private key's secrecy. Keep
    	     only the CA or peer certificates that are meant to be trusted, and replace
    	     the inline default password with one supplied from external configuration. -->
    	<bean id="trustStore"
    		class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="location" value="classpath:servercacert.jks" />
    		<property name="password" value="changeit" />
    	</bean>
    
    	<!-- Passes the certificate taken from the signed message to the Acegi
    	     authentication manager below.
    	     NOTE(review): presumably the certificate is accepted here only if that manager
    	     authenticates it as a known user, which is a separate question from whether
    	     the trust store accepts its issuer; confirm which of the two is failing. -->
    	<bean id="acegiCertificateHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.acegi.AcegiCertificateValidationCallbackHandler">
    		<property name="authenticationManager"
    			 ref="authenticationManagerForWS" />
    	</bean>
    
    	<!-- Authentication manager used for web-service requests. Its provider list holds a
    	     single entry, x509AuthenticationProvider, so no other credential type can
    	     authenticate through this manager as configured. -->
    	<bean id="authenticationManagerForWS" class="org.acegisecurity.providers.ProviderManager">
          	<property name="providers">
             	<list>
    		    	<ref local="x509AuthenticationProvider"/>
             	</list>
    		</property>
       	</bean>
    
    	<!-- Acegi X.509 provider; the only property set is the authorities populator.
    	     NOTE(review): no trust-chain or revocation setting is visible on this bean, so
    	     it presumably only maps an already-presented certificate to user details.
    	     Chain validation would then rest on the trustStore used by keyStoreHandler;
    	     confirm, and note that nothing in this config shows a revocation check. -->
    	<bean id="x509AuthenticationProvider" class="org.acegisecurity.providers.x509.X509AuthenticationProvider">
    		<property name="x509AuthoritiesPopulator"><ref local="x509AuthoritiesPopulator"/></property>
    	
    	</bean>
    	
    
    	<!-- Resolves user details for a certificate through the securityService bean, which
    	     is referenced with ref local and so must be defined in this same XML file; it
    	     is not shown in the post.
    	     NOTE(review): presumably the user name is extracted from the certificate
    	     subject DN (the populator's subjectDNRegex setting) and looked up in
    	     securityService; a subject that matches no user would be rejected even when
    	     the certificate itself is trusted. Confirm against the client certificate. -->
    	<bean id="x509AuthoritiesPopulator" class="org.acegisecurity.providers.x509.populator.DaoX509AuthoritiesPopulator">
    		<property name="userDetailsService"><ref local="securityService"/></property>
    </bean>

  • #2
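    This could be an issue with a missing certificate in your keystore. Debug with -Djavax.net.debug=all (the JSSE debug property is javax.net.debug, not javax.net.ssl.debug). That switch traces the TLS layer only; the fault in the stack trace above is raised while XWSS validates the message signature, so also check that the issuer of the signing certificate is present in the trust store. The debug output is very verbose and can include handshake and payload data, so enable it only on a test system. Please see the post below for more details.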

    http://techieocean.blogspot.com/2013...exception.html
