users@glassfish.java.net

Web Services security not working on GF v3

From: Sébastien Stormacq <sebastien.stormacq_at_oracle.com>
Date: Thu, 11 Nov 2010 15:57:05 +0100

Dear All,

I am deploying web services and securing them with OpenSSO STS (or OpenAM).
I have a GF instance for my web service provider
I have a GF instance for OpenSSO STS
and a web service client in command line

Everything is OK when deploying on GF v2.

Same code is not working when deployed under GF v3. Web Service Provider is unable to verify SOAP's message XML signature.
See exception below.

Is this a known problem with GF v3 ? A regression ?
Thanks for your help


com.sun.org.apache.xml.internal.security.signature.XMLSignatureException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
Original Exception was com.sun.org.apache.xml.internal.security.transforms.TransformationException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
Original Exception was com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
        at com.sun.org.apache.xml.internal.security.signature.Reference.getContentsAfterTransformation(Unknown Source)
        at com.sun.org.apache.xml.internal.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
        at com.sun.org.apache.xml.internal.security.signature.Reference.calculateDigest(Unknown Source)
        at com.sun.org.apache.xml.internal.security.signature.Reference.verify(Unknown Source)
        at com.sun.org.apache.xml.internal.security.signature.Manifest.verifyReferences(Unknown Source)
        at com.sun.org.apache.xml.internal.security.signature.SignedInfo.verify(Unknown Source)
        at com.sun.org.apache.xml.internal.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
        at com.sun.identity.wss.xmlsig.WSSSignatureProvider.verifyWSSSignature(WSSSignatureProvider.java:1038)
        at com.sun.identity.saml.xmlsig.XMLSignatureManager.verifyWSSSignature(XMLSignatureManager.java:759)
        at com.sun.identity.wss.security.handler.SecureSOAPMessage.verifySignature(SecureSOAPMessage.java:1059)
        at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:325)
        at com.sun.identity.wssagents.jaxws.server.ServerHandler.handleMessage(ServerHandler.java:113)
        at com.sun.identity.wssagents.jaxws.server.ServerHandler.handleMessage(ServerHandler.java:47) <<<<<------------ This is OpenSSO WSS Handler
        at com.sun.xml.ws.handler.HandlerProcessor.callHandleMessage(HandlerProcessor.java:284)
        at com.sun.xml.ws.handler.HandlerProcessor.callHandlersRequest(HandlerProcessor.java:135)
        at com.sun.xml.ws.handler.ServerSOAPHandlerTube.callHandlersOnRequest(ServerSOAPHandlerTube.java:134)
        at com.sun.xml.ws.handler.HandlerTube.processRequest(HandlerTube.java:116)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:112)
        at org.glassfish.webservices.MonitoringPipe.process(MonitoringPipe.java:138)
        at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:112)
        at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:195)
        at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:127)
        at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:295)
        at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:519)
        at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:288)
        at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:143)
        at org.glassfish.webservices.JAXWSServlet.doPost(JAXWSServlet.java:149)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
        at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
        at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
        at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:226)
        at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
        at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
        at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
        at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
        at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
        at java.lang.Thread.run(Thread.java:680) 


-- 
Sébastien Stormacq | Senior Sales Consultant | +352 621 503 626
Oracle Luxembourg
77-79, Parc d'Activites Capellen
Capellen, L-8308 Luxembourg
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.