Hi Wannes,
The error message you are seeing in the response is because XWS (in
JWSDP 1.5) is unable to resolve the reference
<ds:Reference URI="#Body">
According to the WSS specification, when trying to locate an element
referenced in a signature, the following attributes are considered:
" Local ID attributes on XML Signature elements
" Local ID attributes on XML Encryption elements
" Global wsu:Id attributes (described below) on elements
In your client request an Id attribute is being used to reference the
SOAP Body as opposed to a wsu:Id attribute.
However, if you swtich over to JWSDP 1.6 which was released recently
http://java.sun.com/webservices/jwsdp/index.jsp
Then your client request should be accepted unmodified. Please try it
out and let us know.
Thanks.
Sels Wannes wrote:
> Hi all,
>
>
>
> We're trying to use a secured webservice with our own javascript
> client. The service I got from here:
> http://msdn.microsoft.com/architecture/default.aspx?pull=/library/en-us/dnbda/html/wssinteropjwsdp15.asp
> . My security config for the service is as follows:
>
> <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>
> <xwss:Service>
>
> <xwss:SecurityConfiguration dumpMessages="true">
>
> <xwss:RequireSignature/>
>
> </xwss:SecurityConfiguration>
>
> </xwss:Service>
>
> <xwss:SecurityEnvironmentHandler>
>
> com.sun.xml.wss.sample.SecurityEnvironmentHandler
>
> </xwss:SecurityEnvironmentHandler>
>
> </xwss:JAXRPCSecurity>
>
>
>
> We're using our own test certificates (see attachments) which I've
> imported into catalina.home/xws-security/etc/server-truststore.jks .
> The clients request looks like this:
>
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:tns="http://wss.samples.microsoft.com"
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>
> <SOAP-ENV:Header>
>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>
> <ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>
> <ds:SignedInfo>
>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>
> <ds:Reference URI="#Body">
>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>
>
> <ds:DigestValue>nAWqEctvN0YBK583AOEFhDKURnI=</ds:DigestValue>
>
> </ds:Reference>
>
> </ds:SignedInfo>
>
> <ds:SignatureValue>
>
>
> jKg1zawmJSgM/i2xcuQ0uQDNB8g33mT1H/0CnaL0Kc8DV/k4YELmbuci7PdUBUxcVY1OnOAe
>
>
> vFpuFh2HDe1SrIxlkH1Dj6XatZq/NmQH9ecja/Jj6Mu+cs7hUxDpjEf7sBBObGPxLmrbUNqp
>
> lfmtKpgckY5ZIhsyQATsY8AyhNk=
>
> </ds:SignatureValue>
>
> <ds:KeyInfo>
>
> <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
>
> <X509Certificate>
>
>
> MIIDuzCCAySgAwIBAgIKG+YxcQAAAAAAAjANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDEwRr
>
>
> emVuMB4XDTA1MDcwMTExMzMwMVoXDTA2MDcwMTExNDMwMVowgZkxCzAJBgNVBAYTAkJFMRAw
>
>
> DgYDVQQIEwdBbnR3ZXJwMRAwDgYDVQQHEwdLb250aWNoMQ0wCwYDVQQKEwRrWmVuMR8wHQYD
>
>
> VQQLDBZSZXNlYXJjaCAmIERldmVsb3BtZW50MRIwEAYDVQQDEwlOaWNrIE9vbXMxIjAgBgkq
>
>
> hkiG9w0BCQEWE25pY2sub29tc0Bjcm9ub3MuYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
>
>
> AoGBAL77WBAQITePR+54H7dI1zRmdnhujcmgWpCRTWFDq5A7vudkMf01clGKa2lu1FbnCA/k
>
>
> vkA/93c+sQQGv3MPPRcZJ5RW5vjtpRWs2gimRYHpkeWGskWG0wVsaFIBQtH6cNupqypQMGkD
>
>
> 8XS/wSioQYAjQ2m3by+INK2CKG7tI3ORAgMBAAGjggGRMIIBjTAOBgNVHQ8BAf8EBAMCBsAw
>
>
> HQYDVR0OBBYEFI5KKh49OCl2MBNU+O0013hzmdCEMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8G
>
>
> A1UdIwQYMBaAFPN2tXITdsqwDeYnpcVmCITOY8hWMHEGA1UdHwRqMGgwZqBkoGKGLmh0dHA6
>
>
> Ly93czAzLWJwZWwuaWNvbm9zLmJlL0NlcnRFbnJvbGwva3plbi5jcmyGMGZpbGU6Ly9cXHdz
>
>
> MDMtYnBlbC5pY29ub3MuYmVcQ2VydEVucm9sbFxremVuLmNybDCBsgYIKwYBBQUHAQEEgaUw
>
>
> gaIwTgYIKwYBBQUHMAKGQmh0dHA6Ly93czAzLWJwZWwuaWNvbm9zLmJlL0NlcnRFbnJvbGwv
>
>
> d3MwMy1icGVsLmljb25vcy5iZV9remVuLmNydDBQBggrBgEFBQcwAoZEZmlsZTovL1xcd3Mw
>
>
> My1icGVsLmljb25vcy5iZVxDZXJ0RW5yb2xsXHdzMDMtYnBlbC5pY29ub3MuYmVfa3plbi5j
>
>
> cnQwDQYJKoZIhvcNAQEFBQADgYEASh8D+AA2JxsN1TRnGK/BoHDKV5AW96NCksvKzeQcPL4t
>
>
> KdRHhyiu9fCSSdON0O6Jq0qL416G+pXlkRc0xYNdIT1GZcdU2/QqHYBuSxjygovI00m7ynlH
>
> kzqHCkyWSiQYIS8ergfdH3AFHzdbLH4MGcDYvayXv3mQZqvPA7yRWw0=
>
> </X509Certificate>
>
> </X509Data>
>
> </ds:KeyInfo>
>
> </ds:Signature>
>
> </wsse:Security>
>
> </SOAP-ENV:Header>
>
> <SOAP-ENV:Body Id="Body">
>
> <submitOrder xmlns="http://wss.samples.microsoft.com">
>
> <OrderImpl_1 xmlns="">
>
> <creditCardExpM xsi:type="xsd:int">0</creditCardExpM>
>
> <creditCardExpY xsi:type="xsd:int">0</creditCardExpY>
>
> <creditCardNum xsi:type="xsd:string">bla</creditCardNum>
>
> <id xsi:type="xsd:long">0</id>
>
> </OrderImpl_1>
>
> </submitOrder>
>
> </SOAP-ENV:Body>
>
> </SOAP-ENV:Envelope>
>
>
>
> To which the server responds:
>
>
>
> INFO: ==== Response Start ====
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:ns0="http://wss.samples.microsoft.com"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>
> <env:Body>
>
> <env:Fault>
>
> <faultcode
> xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:PolicyViolation</faultcode>
>
> <faultstring>Receiver requirement for signature target:
> //*[local-name()='Body' and
> namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'] , has not
> been met</faultstring>
>
> </env:Fault>
>
> </env:Body>
>
> </env:Envelope>
>
> ==== Response End ====
>
>
>
> I'm not really sure what the message means. Any thoughts?
>
>
>
>
>
> Kind regards,
>
>
>
> Wannes
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe_at_jax-rpc.dev.java.net
>For additional commands, e-mail: users-help_at_jax-rpc.dev.java.net
>
>