Verifying and decryption not working

  • #16
    I fail to see anything wrong with the configuration. One detail, in the server config the securementEncryptionParts is unnecessary and has no effect in your example since all the securement* properties affect outgoing messages only.
    Is it possible to test with a saaj message factory and report the result?



    • #17
      Hack to fix this problem

      Tareq,

      First to respond to your last post, I have tested wss4j encryption/decryption with saaj message factory and had the same problem with decryption failing as with axiom message factory.

      I stepped through spring-ws code and made some changes that fixed the problem for me using 1.5.2 codebase for both message factories. The fixes are different for Saaj message factory and Axiom message factory.

      Essentially, for both message factories the problem was that decrypted message parts were not replacing the encrypted message parts inside MessageContext after decryption.

      To fix decryption when using Saaj message factory, I modified Wss4jSecurityInterceptor.toDocument(..) to this (essentially rolling back the fix someone made earlier for SWS-345):

      Code:
          private Document toDocument(SoapMessage soapMessage, MessageContext messageContext) {
              if (soapMessage instanceof SaajSoapMessage) {
                  SaajSoapMessage saajSoapMessage = (SaajSoapMessage) soapMessage;
                  // pdotsenko - works now since SWS-345 is fixed
                  return saajSoapMessage.getSaajMessage().getSOAPPart(); 
              }
              else if (soapMessage instanceof AxiomSoapMessage) {
                  AxiomSoapMessage axiomMessage = (AxiomSoapMessage) soapMessage;
                  return AxiomUtils.toDocument(axiomMessage.getAxiomMessage().getSOAPEnvelope());
              }
              else {
                  throw new IllegalArgumentException("Message type not supported [" + soapMessage + "]");
              }
          }

      To fix decryption when using Axiom message factory, I modified AxiomSoapMessage.setAxiomMessage(..) to this (added this.envelope = null):
      Code:
          public final void setAxiomMessage(SOAPMessage axiomMessage) {
              Assert.notNull(axiomMessage, "'axiomMessage' must not be null");
              this.axiomMessage = axiomMessage;
      
              //pdotsenko - null out so getEnvelope() will replace this.envelope with new content
              this.envelope = null;
          }
      The problem with AxiomSoapMessage is that getEnvelope() creates AxiomSoapMessage.envelope only when it is null, so as a consequence calling setAxiomMessage(...) with new decrypted parts had no effect on the original (encrypted) envelope content, and so the endpoints got the old encrypted parts. This may not be the best way to fix the problem, but it works for me.

      It would be great to see these fixes in the official release sometime soon. Let me know if I can help.

      Thanks,
      Paul Dotsenko

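The stale-envelope behaviour described in post #17, as an added stand-alone Java model that is not spring-ws code and not from the original posts. `CachedMessage`, `setMessage` and `endpointView` are hypothetical names, and the XML strings are constructed samples.

```java
// Stand-alone model of a lazily cached view that is not invalidated on update.
// These are hypothetical classes, not the spring-ws implementation.
public class StaleEnvelopeDemo {

    /** Hypothetical stand-in for a message wrapper that caches a derived view. */
    static class CachedMessage {
        private String rawMessage;            // plays the role of axiomMessage
        private String envelope;              // lazily built view handed to endpoints
        private final boolean invalidateOnSet;

        CachedMessage(String rawMessage, boolean invalidateOnSet) {
            this.rawMessage = rawMessage;
            this.invalidateOnSet = invalidateOnSet;
        }

        String getEnvelope() {
            if (envelope == null) {           // built once, then reused
                envelope = "<Envelope>" + rawMessage + "</Envelope>";
            }
            return envelope;
        }

        void setMessage(String newMessage) {
            this.rawMessage = newMessage;
            if (invalidateOnSet) {
                this.envelope = null;         // the fix: force a rebuild on next read
            }
        }
    }

    /** Simulates the interceptor followed by the endpoint; returns what the endpoint sees. */
    static String endpointView(boolean invalidateOnSet) {
        // Constructed sample content standing in for an encrypted body.
        CachedMessage msg = new CachedMessage("<EncryptedData/>", invalidateOnSet);
        msg.getEnvelope();                    // envelope is read once before decryption
        msg.setMessage("<order id=\"1\"/>");  // interceptor stores the decrypted content
        return msg.getEnvelope();
    }

    public static void main(String[] args) {
        String buggy = endpointView(false);
        String fixed = endpointView(true);
        System.out.println("without invalidation: " + buggy);
        System.out.println("with invalidation:    " + fixed);
        if (buggy.contains("order") || !fixed.contains("order")) {
            throw new AssertionError("model does not reproduce the described behaviour");
        }
    }
}
```

A regression test for the real classes would follow the same shape: read the envelope, replace the message, then assert that the envelope handed to the endpoint no longer contains the encrypted part.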


      • #18
        Hi Paul,

        Could you please create a Jira issue for this? It would be great if you could include any test case to reproduce the error as well.



        • #19
          Paul, I've already created http://jira.springframework.org/browse/SWS-376 for the second code snippet you posted (setting the envelope to null).

          The first issue (toDocument fix) still needs a JIRA, though.

          Thanks!



          • #20
            Arjen, thanks for creating and fixing the first JIRA issue!

            Tareq, I created http://jira.springframework.org/secu....jspa?id=22634
            JIRA issue for the toDocument(...) fix. I attached a proposed fix patch file to the JIRA issue.

            Thanks,
            Paul



            • #21
              Sorry if this is a duplicate post, I tried responding earlier and the post didn't show up..

              Tareq, I created http://jira.springframework.org/secu....jspa?id=22634
              JIRA issue for the toDocument(...) fix. I attached my proposed fix patch file to the JIRA issue.

              Arjen, thanks for creating and fixing the setting the envelope to null JIRA issue!

              Thanks,
              Paul



              • #22
                Originally posted by pdotsenko:
                Sorry if this is a duplicate post, I tried responding earlier and the post didn't show up..
                Because of the abnormal amount of spam we get on the forum, some threads now require individual posts to be approved by a moderator. So yes, your posts might not show up immediately.

                You can blame the spammers for this, they ruined it for all of us.
