Announcement Announcement Module
Collapse
No announcement yet.
Problems Implementing Client Security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problems Implementing Client Security

    I am fairly new to web service security and Spring WS. I have a functioning web service and client that I am trying to secure using digital signatures. On the service side, I have configured an XWSSecurityInterceptor with a local policy file, as shown below:

    Service configuration:
    Code:
       <bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
            <description>
                Detects @PayloadRoot annotations on @Endpoint bean methods. The FxRateMarshallingEndpoint
                has such annotations. It uses two interceptors: one that logs the message payload, and the other validates
                it accoring to the 'fxRate.xsd' schema file.
            </description>
            <property name="interceptors">
                <list>
                    <bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
                    <bean class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
                        <property name="schema" value="/WEB-INF/fxRate.xsd"/>
                        <property name="validateRequest" value="true"/>
                        <property name="validateResponse" value="true"/>
                    </bean>
                    <ref bean="wsSecurityInterceptor"/>
                </list>
            </property>
            <property name="order" value="1"/>
        </bean>
    	<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    		<property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml"/>
    		<property name="callbackHandlers">
    			<list>
    				<ref bean="keyStoreHandler"/>
    			</list>
    		</property>
    	</bean>
    
    	<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    		<property name="trustStore" ref="trustStore"/>
    	</bean>
    	
    	<bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="location" value="/WEB-INF/wireFx.jks"/>
    		<property name="password" value="wirefx"/>
    	</bean>
    Server securityPolicy.xml:
    Code:
    <xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
        <xwss:RequireSignature requireTimestamp="false"/>
    </xwss:SecurityConfiguration>
    The server side appears to be working fine. It would appear that my client is not generating the digital signatures on the SOAP message that is being sent across to the service, as I am receiving the following stack trace:

    Code:
    [4/14/08 9:53:09:264 EDT] 0000002e SystemErr     R org.springframework.ws.soap.client.SoapFaultClientException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ SignaturePolicy(P) ]:  No Security Header found; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ SignaturePolicy(P) ]:  No Security Header found
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at org.springframework.ws.soap.client.core.SoapFaultMessageResolver.resolveFault(SoapFaultMessageResolver.java:37)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.handleFault(WebServiceTemplate.java:668)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:502)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:440)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:289)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:283)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:275)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.pnc.wire.web.controller.WireFxServiceClient.getFxRate(WireFxServiceClient.java:38)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.pnc.wire.web.controller.WireFxServiceHandler.getFxRate(WireFxServiceHandler.java:25)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.pnc.wire.web.controller.WireController.doAction(WireController.java:107)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.pnc.wire.web.servlet.initiateWire.doPost(initiateWire.java:34)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.pnc.wire.web.servlet.initiateWire.doGet(initiateWire.java:25)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3129)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1433)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:93)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
    [4/14/08 9:53:09:279 EDT] 0000002e SystemErr     R 	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
    I have configured my client to use an XWS Security interceptor (as shown below), but this does not appear to be processing the digital signature.

    Code:
    	<bean id="wireFxServiceClient" parent="abstractClient"
    		class="com.pnc.wire.web.controller.WireFxServiceClient">
    		<property name="interceptors">
    			<list>
    				<ref bean="wsSecurityInterceptor"/>
    			</list>
    		</property>
    		<property name="marshaller" ref="marshaller" />
    		<property name="unmarshaller" ref="marshaller" />
    <!-- <property name="helper" ref="secureClientHelper"/>  -->		
    	</bean>
    
    	<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    		<property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml"/>
    		<property name="callbackHandlers">
    			<list>
    				<ref bean="keyStoreHandler"/>
    			</list>
    		</property>
    	</bean>
    
    	<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    		<property name="keyStore" ref="keyStore"/>
    		<property name="privateKeyPassword" ref="wirefx"/>
    	</bean>
    	
    	<bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="location" value="/WEB-INF/wireFx.jks"/>
    		<property name="password" value="wirefx"/>
    	</bean>
    I have also configured a client-side server policy file:
    Code:
    <xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
        <xwss:Sign includeTimestamp="false"/>
    </xwss:SecurityConfiguration>
    Aside from wiring the interceptor on the client side, is there anything else I need to do in order to digitally sign the outgoing request or is my configuration incorrect?

    Any insight would be greatly appreciated! Thank you.

  • #2
    This won't help, but I got the exact same message. Then after a couple of hours of trying to get it to work I moved to wss4j.... wich still doesnt work.

    I'm suspecting some kind of classpath problem, wrong jar versions or something...could be wrong though.

    Comment


    • #3
      dspoljaric,

      I have struggled all afternoon with the wss4j but i finally just managed to get it to play, i had to switch out to the 1.5.3 version of the wss4j jar and now it all rocks and rolls

      Comment


      • #4
        For the record, I've been able to get certificate authentication working for both wss4j and xwss.

        I just can't get certificate authentication working with saaj 1.2.

        I don't think your xwss security policy file is correct on the client. I used:
        Code:
        <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
        	<xwss:Sign includeTimestamp="false">
        		<xwss:X509Token certificateAlias="myAlias" />
        	</xwss:Sign>
        </xwss:SecurityConfiguration>

        By the way, I used these steps to create my key pair.

        Comment


        • #5
          I am making some progress after understanding a fundamental error in my application context...

          I am using WSS4J to handle the digital signatures. It appears to be generating the security header information correctly; however, it looks like it is running into a problem inserting the security header information in the SOAP message.

          Code:
          [4/15/08 9:04:24:385 EDT] 0000002c SystemOut     O DEBUG  04-15-2008 09:04:24.385 (org.springframework.ws.client.core.WebServiceTemplate) Opening [org.springframework.ws.transport.http.HttpUrlConnection@5eb05eb0] to [http://localhost:9080/wire/services] 
          [4/15/08 9:04:24:464 EDT] 0000002c SystemOut     O DEBUG  04-15-2008 09:04:24.464 (org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor) Securing message [SaajSoapMessage {http://localhost:9080/wire/fx/schemas}GetFxRateRequest] with actions [Signature] 
          [4/15/08 9:04:24:464 EDT] 0000002c SystemOut     O DEBUG  04-15-2008 09:04:24.464 (org.apache.ws.security.WSSConfig) The provider BC could not be added: org.bouncycastle.jce.provider.BouncyCastleProvider 
          [4/15/08 9:04:24:464 EDT] 0000002c SystemOut     O DEBUG  04-15-2008 09:04:24.464 (org.apache.ws.security.WSSConfig) The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL 
          [4/15/08 9:04:24:528 EDT] 0000002c ServletWrappe I   SRVE0242I: [wireWebEAR] [/wireWeb] [/initiateWireResponse.jsp]: Initialization successful.
          [4/15/08 9:04:24:480 EDT] 0000002c SystemErr     R java.lang.NullPointerException
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.apache.xerces.dom.ParentNode.internalInsertBefore(Unknown Source)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.apache.xerces.dom.ParentNode.insertBefore(Unknown Source)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.webservices.engine.xmlsoap.SOAPElement.insertBefore(SOAPElement.java:1644)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.apache.ws.security.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:594)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.apache.ws.security.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:649)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.apache.ws.security.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:134)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:99)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.soap.security.wss4j.Wss4jHandler.doSenderAction(Wss4jHandler.java:162)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:450)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:182)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:480)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:440)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:289)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:283)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:275)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.pnc.wire.web.controller.WireFxServiceClient.getFxRate(WireFxServiceClient.java:61)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.pnc.wire.web.controller.WireFxServiceHandler.getFxRate(WireFxServiceHandler.java:35)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.pnc.wire.web.controller.WireController.doAction(WireController.java:107)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.pnc.wire.web.servlet.initiateWire.doPost(initiateWire.java:34)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.pnc.wire.web.servlet.initiateWire.doGet(initiateWire.java:25)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3129)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1433)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:93)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:274)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
          [4/15/08 9:04:24:496 EDT] 0000002c SystemErr     R 	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
          My initial thoughts are either a problem with the IBM WebSphere/Xerces implementation, or the security header being inserted is actually null. I wish there was a better error message...

          Comment


          • #6
            Whats the Config

            Whats the client and serrver configs of your digitial siganture?

            Comment


            • #7
              Originally posted by IanB View Post
              Whats the client and serrver configs of your digitial siganture?
              Client:
              Code:
              	<bean id="wireFxServiceClient" parent="abstractClient"
              		class="com.pnc.wire.web.controller.WireFxServiceClient">
              		<property name="interceptors">
              			<list>
              				<ref bean="wss4jInterceptor"/>
              			</list>
              		</property>
              		<property name="marshaller" ref="marshaller" />
              		<property name="unmarshaller" ref="marshaller" />
              	</bean>
              	<bean id="wss4jInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
              		<property name="securementActions" value="Signature"/>
              		<property name="securementUsername" value="wireUsr2"/>
              		<property name="securementPassword" value="wirePass"/>
              		<property name="securementSignatureCrypto">
              			<bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
              				<property name="keyStorePassword" value="wirefx"/>
              				<property name="keyStoreLocation" value="/WEB-INF/wireFx.jks"/>
              			</bean>
              		</property>
              	</bean>
              
              	<bean id="messageFactory"
              		class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />
              
              	<bean id="abstractClient" abstract="true">
              		<constructor-arg ref="messageFactory" />
              		<property name="defaultUri"
              			value="http://localhost:9080/wire/services" />
              	</bean>
              
              	<bean id="marshaller"
              		class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
              		<property name="classesToBeBound">
              			<list>
              				<value>com.pnc.wire.fx.model.FxRateRequest</value>
              				<value>com.pnc.wire.fx.model.FxRateResponse</value>
              			</list>
              		</property>
              	</bean>
              </beans>
              Server:
              Code:
                  <bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
                      <description>
                          Detects @PayloadRoot annotations on @Endpoint bean methods. The FxRateMarshallingEndpoint
                          has such annotations. It uses two interceptors: one that logs the message payload, and the other validates
                          it accoring to the 'fxRate.xsd' schema file.
                      </description>
                      <property name="interceptors">
                          <list>
                              <bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
                              <bean class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
                                  <property name="schema" value="/WEB-INF/fxRate.xsd"/>
                                  <property name="validateRequest" value="true"/>
                                  <property name="validateResponse" value="true"/>
                              </bean>
                              <ref bean="wss4jInterceptor"/>
                          </list>
                      </property>
                      <property name="order" value="1"/>
                  </bean>
              	<bean id="wss4jInterceptor"
              		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
              		<property name="validationActions" value="Signature" />
              		<property name="validationSignatureCrypto">
              			<bean
              				class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
              				<property name="keyStorePassword" value="wirefx" />
              				<property name="keyStoreLocation"
              					value="/WEB-INF/wireFx.jks" />
              			</bean>
              		</property>
              	</bean>

              Comment


              • #8
                hmmmmm

                Cant see anything wrong there at all, seeing as you are using WAS have you got classloader set to parent first or last? can you not get the required jars on the app classpath and then set classloader to parent last

                Comment


                • #9
                  Getting closer... I did forget to change the classpath loader.

                  Running into another problem.
                  Code:
                  org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a http://www.w3.org/2000/09/xmldsig#:SignatureMethod element
                  	at org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrectSpace(Unknown Source)
                  	at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
                  	at org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown Source)
                  	at org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
                  	at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
                  	at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:338)
                  	at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:713)
                  	at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:54)
                  	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
                  	at org.springframework.ws.soap.security.wss4j.Wss4jHandler.doSenderAction(Wss4jHandler.java:162)
                  	at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:450)
                  	at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:182)
                  	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:480)
                  	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:440)
                  	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:289)
                  	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:283)
                  	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:275)
                  	at com.pnc.wire.web.controller.WireFxServiceClient.getFxRate(WireFxServiceClient.java:72)
                  	at com.pnc.wire.web.controller.WireFxServiceHandler.getFxRate(WireFxServiceHandler.java:36)
                  	at com.pnc.wire.web.controller.WireController.doAction(WireController.java:107)
                  	at com.pnc.wire.web.servlet.initiateWire.doPost(initiateWire.java:34)
                  	at com.pnc.wire.web.servlet.initiateWire.doGet(initiateWire.java:25)
                  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
                  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
                  	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
                  	at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
                  	at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
                  	at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3129)
                  	at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
                  	at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
                  	at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1433)
                  	at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:93)
                  	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
                  	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
                  	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:274)
                  	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
                  	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
                  	at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
                  	at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
                  	at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
                  	at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
                  	at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
                  	at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
                  	at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
                  	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
                  [4/15/08 11:35:06:291 EDT] 0000002a SystemOut     O ERROR  04-15-2008 11:35:06.291 (org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor) Could not secure response: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure); nested exception is org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure) 
                  org.springframework.ws.soap.security.wss4j.Wss4jSecuritySecurementException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure); nested exception is org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
                  	at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:453)
                  	at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:182)
                  	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:480)
                  	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:440)
                  	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:289)
                  	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:283)
                  	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:275)
                  	at com.pnc.wire.web.controller.WireFxServiceClient.getFxRate(WireFxServiceClient.java:72)
                  	at com.pnc.wire.web.controller.WireFxServiceHandler.getFxRate(WireFxServiceHandler.java:36)
                  	at com.pnc.wire.web.controller.WireController.doAction(WireController.java:107)
                  	at com.pnc.wire.web.servlet.initiateWire.doPost(initiateWire.java:34)
                  	at com.pnc.wire.web.servlet.initiateWire.doGet(initiateWire.java:25)
                  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
                  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
                  	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
                  	at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
                  	at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
                  	at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3129)
                  	at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
                  	at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
                  	at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1433)
                  	at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:93)
                  	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
                  	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
                  	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:274)
                  	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
                  	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
                  	at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
                  	at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
                  	at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
                  	at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
                  	at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
                  	at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
                  	at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
                  	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
                  Caused by: 
                  org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
                  	at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
                  	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
                  	at org.springframework.ws.soap.security.wss4j.Wss4jHandler.doSenderAction(Wss4jHandler.java:162)
                  	at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:450)
                  	... 34 more
                  I found info on this problem here: http://www.nabble.com/Decryption-fai...d13645653.html

                  Still working through it...

                  Comment

                  Working...
                  X