I'm getting an error trying to run a test case against a simple webservice where I'm trying to turn on signing security.
"INFO: 2007-11-04 19:14:54,370 WARN [org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor] - Could not validate request: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy (found Signature) : Additional security than required found"
On the client side, I am using <xwss:Sign includeTimestamp="false" /> in the policy file. The SOAP message is coming out with the signature. I'm outputting the SOAP message from the server and it looks ok (if anyone cares to look at it):
Code:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1194221692635-1999714895">
MIICzjCCAbagAwIBAgIERy5FijANBgkqhkiG9w0BAQUFADApMQswCQYDVQQGEwJVUzEaMBgGA1UE
AwwRY29tLnNjZC53cy5jbGllbnQwHhcNMDcxMTA0MjIxOTUzWhcNMTAxMTAzMjIxOTUzWjApMQsw
CQYDVQQGEwJVUzEaMBgGA1UEAwwRY29tLnNjZC53cy5jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCurt6+1+Z5ufZHwkRvui2p2gtKevhsPqdDo/QXnRKVtK6E90ggZiKGe2au
nC+NZULvlc8cxZB0v3T1mGBrmlveFUytEGeG9mge/UMvj4zc9PCQrLB45x9V+QkboswiSN0a8Hra
wmMpDp9hQFcSSdbHOi3k4vYuGFY94QRiWh0nQJD3fQL8kn0QJp6x0mZj9VU4z5Ae8Xs2iSNLyJ/H
yMcn1Y1jhJSg5Zi698jcNsQOUExSNt7OWzoRczjveeyUIis+GhOYE6Ilwqtk0U+AnZ08DlH+hF1z
ilBxPcqrskgzQV2quwUw2s3dpi0BxdE0QcdhhsNHDPYT3eI+mcbLQla/AgMBAAEwDQYJKoZIhvcN
AQEFBQADggEBAFMjGFwmU/pQMTv9OYU87dBdjyEkdDufON/rkQTc28XcjKzwmS8xrRKnxdcmrrZ1
qHz04VviQVt/4ANNfVlRa6AX0HUEaMloh6Tw/NqiYAZhgtHXtNodB8bmyTgcS3KvU7DV0m6rp17u
LtYgQDBJEDEDIt8aQj63g0V0be7je5L4ns1FKba1MeaQ2570mCx5S/GiA0byvQ9orSlyY+78hyXe
ONIlV+0jacaDF7lX3xhC2BKUtrNrOfk2lpWzwq9VPhI4Qbv9BIq1QfmGMauI3/nFgBzatTxr9ULS
b1sgBa2GPnaeJdB+qgmo+SRIV3PxITN6QwcZ9nDZyaPsVz1SKXE=
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#XWSSGID-1194221692652-1805862999">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>pWz6A5c6B4RqLH4a3dSEDYFmT5g=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
gDqh1ByYf1h/L3Pl9pgewoQzXMUZCVzgFNiajXc0OotkqsonHMeOIBUnyOlpPSCvyiz7dEnKrw+N
URBY5EViB2BOP5z4t179UIxsk8ptPNqp2I90JD3WfnZphlfbLIEj4PPoEBjYMCJRP/QKYmzCKbFl
xrHoE5viwLzdY9GOfdAdM5qTZL1ZVoump3EAkNC8CwjlNjNK5QFkOKvu0AoBLu6jWUq0IcoBDXHn
fKem6/cZGM8xgaNd/Wox4fEH4SxNaZpGti4VnylN3hQTiA4YqD/Looi7HIOzxY+HPYYFdnkd4YeT
GzQl6WSlFhzwd+rr17nQxCthiiP+dcvVGaRIAQ==
        </ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1194221692633-660378838">
            <wsse:Reference URI="#XWSSGID-1194221692635-1999714895" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1194221692652-1805862999">
    <!-- BODY DETAILS GOES HERE -->
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
On the server side I have <xwss:RequireSignature requireTimestamp="false" /> in the policy file.
What am I missing?


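A structural check of the kind of message posted above, as an added example that is not part of the original post and is not Spring-WS or XWSS code: it resolves each ds:Reference and the KeyInfo token reference by wsu:Id and reports which elements the signature actually covers, without verifying the signature cryptographically. The sample envelope is constructed from the Ids in the post with the base64 values replaced by placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE,
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU_ID = "{%s}Id" % WSU

# Constructed sample: layout and Ids follow the posted message; base64 values are placeholders.
SAMPLE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{NS['soap']}" xmlns:wsse="{WSSE}"
 xmlns:wsu="{WSU}" xmlns:ds="{NS['ds']}">
<SOAP-ENV:Header><wsse:Security>
<wsse:BinarySecurityToken wsu:Id="XWSSGID-1194221692635-1999714895">PLACEHOLDER</wsse:BinarySecurityToken>
<ds:Signature><ds:SignedInfo>
<ds:Reference URI="#XWSSGID-1194221692652-1805862999"/>
</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
<ds:KeyInfo><wsse:SecurityTokenReference>
<wsse:Reference URI="#XWSSGID-1194221692635-1999714895"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="XWSSGID-1194221692652-1805862999"/>
</SOAP-ENV:Envelope>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_references(envelope_xml):
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        if el.get(WSU_ID) is not None:
            by_id.setdefault(el.get(WSU_ID), []).append(el)

    def resolve(uri):
        # Same-document references only; an Id used twice is ambiguous, so it counts as unresolved.
        hits = by_id.get(uri[1:], []) if uri.startswith("#") else []
        return hits[0] if len(hits) == 1 else None

    body = root.find("soap:Body", NS)
    signed = [resolve(r.get("URI", "")) for r in root.iterfind(".//ds:SignedInfo/ds:Reference", NS)]
    key_ref = root.find(".//ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    token = resolve(key_ref.get("URI", "")) if key_ref is not None else None
    return {"signed_parts": [local(e.tag) if e is not None else None for e in signed],
            "body_signed": body is not None and any(e is body for e in signed),
            "key_token": local(token.tag) if token is not None else None}

if __name__ == "__main__":
    print(check_references(SAMPLE))
```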