users@glassfish.java.net

Re: Web Services security not working on GF v3

From: Kumar.Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 12 Nov 2010 13:06:26 +0530

Please send this to OpenAM list. The WS-Security implementation being
used here is the one that is part of OpenAM. There is no such problem
with WS-Security impl in GFV3.

regards,
kumar

On 11/11/10 8:27 PM, Sébastien Stormacq wrote:
> Dear All,
>
> I am deploying web services and securing them with OpenSSO STS (or
> OpenAM).
> I have a GF instance for my web service provider
> I have a GF instance for OpenSSO STS
> and a web service client in command line
>
> Everything is OK when deploying on GF v2.
>
> Same code is not working when deployed under GF v3. Web Service
> Provider is unable to verify SOAP's message XML signature.
> See exception below.
>
> Is this a known problem with GF v3 ? A regression ?
> Thanks for your help
>
>
> com.sun.org.apache.xml.internal.security.signature.XMLSignatureException:
> Unknown transformation. No handler installed for URI
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
> Original Exception was
> com.sun.org.apache.xml.internal.security.transforms.TransformationException:
> Unknown transformation. No handler installed for URI
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
> Original Exception was
> com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException:
> Unknown transformation. No handler installed for URI
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
> at
> com.sun.org.apache.xml.internal.security.signature.Reference.getContentsAfterTransformation(Unknown
> Source)
> at
> com.sun.org.apache.xml.internal.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
> Source)
> at
> com.sun.org.apache.xml.internal.security.signature.Reference.calculateDigest(Unknown
> Source)
> at
> com.sun.org.apache.xml.internal.security.signature.Reference.verify(Unknown
> Source)
> at
> com.sun.org.apache.xml.internal.security.signature.Manifest.verifyReferences(Unknown
> Source)
> at
> com.sun.org.apache.xml.internal.security.signature.SignedInfo.verify(Unknown
> Source)
> at
> com.sun.org.apache.xml.internal.security.signature.XMLSignature.checkSignatureValue(Unknown
> Source)
> at
> com.sun.identity.wss.xmlsig.WSSSignatureProvider.verifyWSSSignature(WSSSignatureProvider.java:1038)
> at
> com.sun.identity.saml.xmlsig.XMLSignatureManager.verifyWSSSignature(XMLSignatureManager.java:759)
> at
> com.sun.identity.wss.security.handler.SecureSOAPMessage.verifySignature(SecureSOAPMessage.java:1059)
> at
> com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:325)
> at
> com.sun.identity.wssagents.jaxws.server.ServerHandler.handleMessage(ServerHandler.java:113)
> at
> com.sun.identity.wssagents.jaxws.server.ServerHandler.handleMessage(ServerHandler.java:47)
> <<<<<------------ This is OpenSSO WSS Handler
> at
> com.sun.xml.ws.handler.HandlerProcessor.callHandleMessage(HandlerProcessor.java:284)
> at
> com.sun.xml.ws.handler.HandlerProcessor.callHandlersRequest(HandlerProcessor.java:135)
> at
> com.sun.xml.ws.handler.ServerSOAPHandlerTube.callHandlersOnRequest(ServerSOAPHandlerTube.java:134)
> at com.sun.xml.ws.handler.HandlerTube.processRequest(HandlerTube.java:116)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at
> com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:112)
> at
> org.glassfish.webservices.MonitoringPipe.process(MonitoringPipe.java:138)
> at
> com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at
> com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:112)
> at
> com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:195)
> at
> com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:127)
> at
> com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:295)
> at
> com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:519)
> at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:288)
> at
> com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:143)
> at org.glassfish.webservices.JAXWSServlet.doPost(JAXWSServlet.java:149)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> at
> org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
> at
> com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
> at
> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:226)
> at
> com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
> at
> com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
> at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
> at
> com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
> at
> com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
> at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
> at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
> at
> com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
> at
> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
> at
> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
> at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
> at
> com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
> at
> com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
> at java.lang.Thread.run(Thread.java:680)
>
>
> --
>
>
>
>
> Sébastien Stormacq | Senior Sales Consultant | +352 621 503 626
> Oracle Luxembourg
> 77-79, Parc d'Activites Capellen
> Capellen, L-8308 Luxembourg
>
>
>
>
> <http://www.oracle.com/commitment>
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.