Hi,
I am new to Spring Web Services and Acegi Security. I am having trouble validating X.509 certificates. The truststore and the keystore appear to be properly configured. It works well when I use it with a SAAJ server and a SAAJ client. I am not sure what I need to do to fix this error. Any help will be appreciated. I have attached the security config XML file, and below is the error message I am getting:
Here is the xml config for the security:Code:SEVERE: WSS1364: Unable to validate certificate Apr 8, 2008 4:17:23 PM com.sun.xml.wss.impl.dsig.KeySelectorImpl resolve SEVERE: WSS1353: Error occurred while resolving key information com.sun.xml.wss.impl.WssSoapFaultException: Certificate validation failed at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:318) at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveToken(KeySelectorImpl.java:1237) at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolve(KeySelectorImpl.java:628) at com.sun.xml.wss.impl.dsig.KeySelectorImpl.select(KeySelectorImpl.java:235) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:494) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:247) at com.sun.xml.wss.impl.dsig.SignatureProcessor.verify(SignatureProcessor.java:781) at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:457) at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93) at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:263) at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:848) at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:810) at com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:256) at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:144) at org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor.validateMessage(XwsSecurityInterceptor.java:154) at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:75) at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:207) at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:162) at 
org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:87) at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:57) at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:197) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265) at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107) at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.ui.x509.X509ProcessingFilter.doFilter(X509ProcessingFilter.java:138) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149) at 
org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Unknown Source) Apr 8, 2008 4:17:23 PM com.sun.xml.wss.impl.dsig.KeySelectorImpl select SEVERE: WSS1352: Exception occured in Key selection
HTML Code:
<!-- ===================== WS-SECURITY SETUP ============================== -->
<!--
  XWSS interceptor: applies the policy in securityPolicy.xml and delegates
  key and certificate callbacks to the two handlers listed below.
  NOTE(review): both handlers can take part in certificate validation, so a
  rejection by either one may surface as the same "Unable to validate
  certificate" error. Confirm against the Spring-WS version in use.
-->
<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    <property name="policyConfiguration" value="classpath:com/mycompany/ws/security/securityPolicy.xml" />
    <property name="callbackHandlers">
        <list>
            <ref bean="keyStoreHandler" />
            <ref bean="acegiCertificateHandler" />
        </list>
    </property>
</bean>

<!-- ======================== ACEGI AUTHENTICATION ======================= -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener" />

<!--
  Keystore-backed callback handler, wired with a trust store and a key store.
  NOTE(review): presumably the trust store is what the signer's certificate
  chain is validated against. When validation fails, check that the issuing CA
  of the client certificate is present in servercacert.jks and that the
  certificate is inside its validity period.
-->
<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    <property name="trustStore" ref="trustStore" />
    <property name="keyStore" ref="keyStore"/>
</bean>

<!--
  Key store loaded from the classpath.
  NOTE(review): the password is stored here in clear text and is "changeit",
  the widely known JDK default. Use a unique password supplied from outside
  the deployed archive and restrict read access to the .jks file.
-->
<bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    <property name="location" value="classpath:serverks.jks"/>
    <property name="password" value="changeit"/>
</bean>

<!--
  Trust store loaded from the classpath. It uses the same clear-text default
  password as the key store, so the same review note applies. Anyone who can
  modify this file can add a trusted CA, so protect its integrity as well.
-->
<bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    <property name="location" value="classpath:servercacert.jks" />
    <property name="password" value="changeit" />
</bean>

<!-- Hands certificate validation to the Acegi authentication manager defined below. -->
<bean id="acegiCertificateHandler" class="org.springframework.ws.soap.security.xwss.callback.acegi.AcegiCertificateValidationCallbackHandler">
    <property name="authenticationManager" ref="authenticationManagerForWS" />
</bean>

<!-- Authentication manager with a single provider: X.509 certificate authentication. -->
<bean id="authenticationManagerForWS" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
        <list>
            <ref local="x509AuthenticationProvider"/>
        </list>
    </property>
</bean>

<bean id="x509AuthenticationProvider" class="org.acegisecurity.providers.x509.X509AuthenticationProvider">
    <property name="x509AuthoritiesPopulator"><ref local="x509AuthoritiesPopulator"/></property>
</bean>

<!--
  Resolves the authorities for a presented certificate through the
  securityService bean, which is defined outside this excerpt.
  NOTE(review): presumably the certificate subject must map to a user that
  securityService knows. Verify how the user name is extracted from the
  subject DN, because an unknown user would also fail authentication.
-->
<bean id="x509AuthoritiesPopulator" class="org.acegisecurity.providers.x509.populator.DaoX509AuthoritiesPopulator">
    <property name="userDetailsService"><ref local="securityService"/></property>
</bean>

