Problems Implementing Client Security
plete(fromICLReadCallback.java:102)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
[4/14/08 9:53:09:279 EDT] 0000002e SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
I have configured my client to use an XWS Security interceptor (as shown below), but this does not appear to be processing the digital signature. Code:
<bean id="wireFxServiceClient" parent="abstractClient"
      class="com.pnc.wire.web.controller.WireFxServiceClient">
    <property name="interceptors">
        <list>
            <ref bean="wsSecurityInterceptor"/>
        </list>
    </property>
    <property name="marshaller" ref="marshaller" />
    <property name="unmarshaller" ref="marshaller" />
    <!-- <property name="helper" ref="secureClientHelper"/> -->
</bean>
<bean id="wsSecurityInterceptor" class="org..ws.soap.security.xwss.XwsSecurityInterceptor">
    <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml"/>
    <property name="callbackHandlers">
        <list>
            <ref bean="keyStoreHandler"/>
        </list>
    </property>
</bean>
<bean id="keyStoreHandler" class="org..ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    <property name="keyStore" ref="keyStore"/>
    <property name="privateKeyPassword" ref="wirefx"/>
</bean>
<bean id="keyStore" class="org..ws.soap.security.support.KeyStoreFactoryBean">
    <property name="location" value="/WEB-INF/wireFx.jks"/>
    <property name="password" value="wirefx"/>
</bean>
I have also configured a client-side server policy file:
Code:
<xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="xml/ns/xwss/config">
    <xwss:Sign includeTimestamp="false"/>
</xwss:SecurityConfiguration>
Aside from wiring the interceptor on the client side, is there anything else I need to do in order to digitally sign the outgoing request or is my configuration incorrect?
Any insight would be greatly appreciated! Thank you.
This won't help, but I got the exact same message. Then after a couple of hours of trying to get it to work I moved to wss4j... which still doesn't work.
I'm suspecting some kind of classpath problem, wrong jar versions or something...could be wrong though.
dspoljaric,
I have struggled all afternoon with the wss4j but I finally just managed to get it to play. I had to switch out to the 1.5.3 version of the wss4j jar and now it all rocks and rolls.
For the record, I've been able to get certificate authentication working for both wss4j and xwss.
I just can't get certificate authentication working with saaj 1.2.
I don't think your xwss security policy file is correct on the client. I used:
Code:
<xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="xml/ns/xwss/config">
    <xwss:Sign includeTimestamp="false">
        <xwss:X509Token certificateAlias="myAlias" />
    </xwss:Sign>
</xwss:SecurityConfiguration>
By the way, I used these steps to create my key pair.
plete(NewConnectionInitialReadCallback.java:113)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
[4/15/08 9:04:24:496 EDT] 0000002c SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
My initial thoughts are either a problem with the IBM WebSphere/Xerces implementation, or the security header being inserted is actually null. I wish there was a better error message...
What are the client and server configs of your digital signature?
Originally Posted by IanB: What are the client and server configs of your digital signature?
Client:
Code:
<bean id="wireFxServiceClient" parent="abstractClient"
      class="com.pnc.wire.web.controller.WireFxServiceClient">
    <property name="interceptors">
        <list>
            <ref bean="wss4jInterceptor"/>
        </list>
    </property>
    <property name="marshaller" ref="marshaller" />
    <property name="unmarshaller" ref="marshaller" />
</bean>
<bean id="wss4jInterceptor" class="org..ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="securementActions" value="Signature"/>
    <property name="securementUsername" value="wireUsr2"/>
    <property name="securementPassword" value="wirePass"/>
    <property name="securementSignatureCrypto">
        <bean class="org..ws.soap.security.wss4j.support.CryptoFactoryBean">
            <property name="keyStorePassword" value="wirefx"/>
            <property name="keyStoreLocation" value="/WEB-INF/wireFx.jks"/>
        </bean>
    </property>
</bean>
<bean id="messageFactory"
      class="org..ws.soap.saaj.SaajSoapMessageFactory" />
<bean id="abstractClient" abstract="true">
    <constructor-arg ref="messageFactory" />
    <property name="defaultUri"
              value="wire/services" />
</bean>
<bean id="marshaller"
      class="org..oxm.jaxb.Jaxb2Marshaller">
    <property name="classesToBeBound">
        <list>
            <value>com.pnc.wire.fx.model.FxRateRequest</value>
            <value>com.pnc.wire.fx.model.FxRateResponse</value>
        </list>
    </property>
</bean>
</beans>
Server:
Code:
<bean class="org..ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
    <description>
        Detects @PayloadRoot annotations on @Endpoint bean methods. The FxRateMarshallingEndpoint
        has such annotations. It uses two interceptors: one that logs the message payload, and the other
        validates it according to the 'fxRate.xsd' schema file.
    </description>
    <property name="interceptors">
        <list>
            <bean class="org..ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
            <bean class="org..ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
                <property name="schema" value="/WEB-INF/fxRate.xsd"/>
                <property name="validateRequest" value="true"/>
                <property name="validateResponse" value="true"/>
            </bean>
            <ref bean="wss4jInterceptor"/>
        </list>
    </property>
    <property name="order" value="1"/>
</bean>
<bean id="wss4jInterceptor"
      class="org..ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="validationActions" value="Signature" />
    <property name="validationSignatureCrypto">
        <bean
            class="org..ws.soap.security.wss4j.support.CryptoFactoryBean">
            <property name="keyStorePassword" value="wirefx" />
            <property name="keyStoreLocation"
                      value="/WEB-INF/wireFx.jks" />
        </bean>
    </property>
</bean>
Can't see anything wrong there at all. Seeing as you are using WAS, have you got classloader set to parent first or last? Can you not get the required jars on the app classpath and then set classloader to parent last?
plete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
[4/15/08 11:35:06:291 EDT] 0000002a SystemOut O ERROR 04-15-2008 11:35:06.291 (org..ws.soap.security.wss4j.Wss4jSecurityInterceptor) Could not secure response: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure); nested exception is org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
org..ws.soap.security.wss4j.Wss4jSecuritySecurementException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure); nested exception is org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
at org..ws.soap.security.wss4j.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:453)
at org..ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:182)
at org..ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:480)
at org..ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:440)
at org..ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:289)
at org..ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:283)
at org..ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:275)
at com.pnc.wire.web.controller.WireFxServiceClient.getFxRate(WireFxServiceClient.java:72)
at com.pnc.wire.web.controller.WireFxServiceHandler.getFxRate(WireFxServiceHandler.java:36)
at com.pnc.wire.web.controller.WireController.doAction(WireController.java:107)
at com.pnc.wire.web.servlet.initiateWire.doPost(initiateWire.java:34)
at com.pnc.wire.web.servlet.initiateWire.doGet(initiateWire.java:25)
at javax.servlet.from.fromServlet.service(fromServlet.java:743)
at javax.servlet.from.fromServlet.service(fromServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3129)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1433)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:93)
at com.ibm.ws.from.channel.inbound.impl.fromInboundLink.handleDiscrimination(fromInboundLink.java:465)
at com.ibm.ws.from.channel.inbound.impl.fromInboundLink.handleNewInformation(fromInboundLink.java:394)
at com.ibm.ws.from.channel.inbound.impl.fromInboundLink.ready(fromInboundLink.java:274)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
Caused by:
org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
at org..ws.soap.security.wss4j.Wss4jHandler.doSenderAction(Wss4jHandler.java:162)
at org..ws.soap.security.wss4j.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:450)
... 34 more
I found info on this problem here: Decryption-fai...d13645653.html
Still working through it...
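An added check, not code from any poster in this thread, for one precondition that all the signing configs above share: the alias named in `certificateAlias` (XWSS) or `securementUsername` (WSS4J, where Spring-WS uses it as the keystore alias) must be a private-key entry in the keystore, and the key password must open it. The class name `SigningKeyCheck` is hypothetical, and the check does not cover the jar-version or classloader causes suggested in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Arguments: keystore path, store
// password, alias, key password, i.e. the values from the bean definitions.
public class SigningKeyCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: SigningKeyCheck <jks> <storePass> <alias> <keyPass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray()); // fails here on a wrong store password
        }
        // List every entry so a misspelled alias is easy to spot.
        for (String a : Collections.list(ks.aliases())) {
            System.out.println(a + ": " + (ks.isKeyEntry(a) ? "private key" : "trusted certificate only"));
        }
        String alias = args[2];
        if (!ks.isKeyEntry(alias)) {
            System.out.println("FAIL: '" + alias + "' has no private key, so it cannot sign");
            System.exit(1);
        }
        Key key;
        try {
            key = ks.getKey(alias, args[3].toCharArray());
        } catch (UnrecoverableKeyException e) {
            System.out.println("FAIL: key password does not open '" + alias + "'");
            System.exit(1);
            return;
        }
        Certificate cert = ks.getCertificate(alias);
        if (!(key instanceof PrivateKey) || !(cert instanceof X509Certificate)) {
            System.out.println("FAIL: entry is not a private key with an X.509 certificate");
            System.exit(1);
        }
        X509Certificate x509 = (X509Certificate) cert;
        x509.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("OK: " + key.getAlgorithm() + " key, subject " + x509.getSubjectX500Principal());
    }
}
```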