
  • Encryption and mapping problem

    Hi. I'm using Wss4jSecurityInterceptor and it works fine for UsernameToken and signature. But when I try to encrypt I have trouble with mapping; my server console prints:

    org.springframework.ws.server.MessageDispatcher dispatch
    WARNING: No endpoint mapping found for [SaajSoapMessage {http://www.w3.org/2001/04/xmlenc#}EncryptedData]
    I'm using PayloadRootQNameEndpointMapping. I tried SoapActionEndpointMapping but it only works when I set the "defaultEndpoint" property; I can't map the encrypted requests to my endpoint.
    Which class should I use for mapping and encryption? PayloadRootQNameEndpointMapping or SoapActionEndpointMapping?

    Here's my servlet-ws:

    mapping:
    <bean id="endpointMapping" class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
      <!-- <bean id="endpointMapping" class="org.springframework.ws.soap.server.endpoint.mapping.SoapActionEndpointMapping"> -->
      <!-- <property name="defaultEndpoint" ref="sampleEndpoint"/> -->
      <property name="mappings">
        <props>
          <prop key="{http://myservice.com}echo">sampleEndpoint</prop>
        </props>
      </property>
      <property name="interceptors">
        <list>
          <ref local="wsSecurityInterceptor"/>
        </list>
      </property>
    </bean>
    interceptor:
    <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
      <property name="validationActions" value="UsernameToken Encrypt"/>
      <property name="validationSignatureCrypto" ref="cryptoFactory"/>
      <property name="validationCallbackHandler" ref="keystoreCallbackHandler"/>
      <property name="validationDecryptionCrypto" ref="cryptoFactory"/>
      <property name="validationCallbackHandlers">
        <list>
          <ref local="simplePasswordValidationCallbackHandler"/>
          <ref local="keystoreCallbackHandler"/>
        </list>
      </property>
    </bean>

  • #2
    I think I see what's happening. The incoming requests have their payload completely encrypted (including the root element), which prevents the PayloadRootQNameEndpointMapping from doing its job.

    Endpoint mappings execute their associated interceptors (including Wss4jSecurityInterceptor) after the incoming request is mapped to an endpoint. As PayloadRootQNameEndpointMapping relies on the inspection of the root element of the payload, and because the whole payload is encrypted (replaced with an xenc:EncryptedData element), the mapping fails.

    Using SoapActionEndpointMapping should solve the problem (if that's an option) or you could try encrypting only parts of the payload and leaving the root element unchanged.



    • #3
      Thanks for the reply, tareq. I know what's happening with PayloadRootQNameEndpointMapping and encryption, but I wonder if there's a way to use encryption and PayloadRootQNameEndpointMapping together.
      However, I tried SoapActionMapping without success; it only worked using "defaultEndpoint". Do I need to add something to the request in my client? Some SoapAction header? I can't map the requests to my endpoints.
      Not encrypting the root element is a good option, but I'd like to find a better one.



      • #4
        PayloadRootQNameEndpointMapping should work because it doesn't depend on the content of the soap message. Soap action is an (http) header with a URI as value that refers to a specific (wsdl) operation. I can't give you precise instructions because it depends on the way your client and server are implemented. Make sure that:
        1. you're using SOAP 1.1 (soap action is SOAP 1.1 specific)
        2. a soap action is specified for each operation in the wsdl.
        3. your endpoints are properly mapped.
        4. your client is setting the soap action properly.
        I suggest that you test your web service with SoapUI. If everything works ok then the problem is in the client.

        You still have 2 more options:
        1. you can use WS-Addressing to dispatch your messages. WS-Addressing support in Spring-WS is implemented as an endpoint mapping which makes it fairly easy to use.
        2. if you still want to use PayloadRootQNameEndpointMapping, you can leave the payload root element unencrypted. WS-Security enables you to specify which parts of the payload you want to encrypt and whether to encrypt the element or only its content. Again, I can't give you specific instructions because it depends on the way you generate your messages but you can take a look at this to have an idea.
        Good luck.

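Added example (not part of any post in this thread): one way to apply the partial-encryption option from #4, assuming the client is also Spring-WS and secures outgoing messages with Wss4jSecurityInterceptor. Bean ids, the keystore path, the certificate alias, credentials and the service URI are placeholders; only `{http://myservice.com}echo` comes from the thread.

```xml
<!-- Added example: CLIENT-side Spring-WS configuration. All ids, paths,
     aliases and credentials below are placeholders, not values from the thread. -->
<bean id="clientCrypto"
      class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
  <property name="keyStoreLocation" value="classpath:/client-truststore.jks"/>
  <property name="keyStorePassword" value="CHANGE_ME"/>
</bean>

<bean id="clientSecurityInterceptor"
      class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
  <!-- Mirrors the server's validationActions="UsernameToken Encrypt" -->
  <property name="securementActions" value="UsernameToken Encrypt"/>
  <property name="securementUsername" value="PLACEHOLDER_USER"/>
  <property name="securementPassword" value="PLACEHOLDER_PASSWORD"/>
  <property name="securementEncryptionCrypto" ref="clientCrypto"/>
  <!-- Alias of the server's public certificate inside the keystore above -->
  <property name="securementEncryptionUser" value="server-cert-alias"/>

  <!-- If securementEncryptionParts is omitted, WSS4J encrypts the content of
       soap:Body, i.e. {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body.
       That replaces the echo element itself with xenc:EncryptedData, which is
       the QName the server's MessageDispatcher warning reports. -->

  <!-- {Content} encrypts only the children of echo; the echo start and end
       tags stay in cleartext, so PayloadRootQNameEndpointMapping can still
       read {http://myservice.com}echo before the interceptor decrypts. -->
  <property name="securementEncryptionParts"
            value="{Content}{http://myservice.com}echo"/>
</bean>

<bean id="webServiceTemplate"
      class="org.springframework.ws.client.core.WebServiceTemplate">
  <property name="defaultUri" value="http://localhost:8080/placeholder-service"/>
  <property name="interceptors">
    <list>
      <ref bean="clientSecurityInterceptor"/>
    </list>
  </property>
</bean>
```

With this setting the operation name (the payload root QName) is visible to anyone who can read the message, while the element's content remains encrypted. Using `{Element}` instead of `{Content}` for the root would encrypt the root tag as well and bring back the mapping failure.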


        • #5
          Thank you tareq.
