Hello,
I have a client sending signed SOAP messages using the XwsSecurityInterceptor, but the server, after the message signature is verified, is not routing to the correct (payload) endpoint. Looking at the payload after the signature verification is complete, I can see that the namespace of the message we used in the request is getting blanked out and other attributes are getting added as well.
Here is the SOAP message from the client:
Code:
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1213323935616761466631">MIICzjCCAjcCCQDKOSruUPzf2TANBgkqhkiG9w0BAQUFADCBpzELMAkGA1UEBhMCQVUxFjAUBgNV BAgTDU5ld1NvdXRoV2FsZXMxEDAOBgNVBAcTB05vcndlc3QxFjAUBgNVBAoTDVdvb2x3b3J0aHNM dGQxDDAKBgNVBAsTA0lDQzEZMBcGA1UEAxMQTm9uUHJvZFNpZ25pbmdDQTEtMCsGCSqGSIb3DQEJ ARYeYWJyaWdodG1vb3JlQHdvb2x3b3J0aHMuY29tLmF1MB4XDTA4MDYxMTAyNTYxNVoXDTA4MDcx MTAyNTYxNVowga4xCzAJBgNVBAYTAkFVMRYwFAYDVQQIEw1OZXdTb3V0aFdhbGVzMQ8wDQYDVQQH EwZTeWRuZXkxFjAUBgNVBAoTDVdvb2x3b3J0aHNMdGQxDTALBgNVBAsTBEFEQ0MxIDAeBgNVBAMT F05vblByb2RQQVBTU2lnbjIwMDgwNjExMS0wKwYJKoZIhvcNAQkBFh5hYnJpZ2h0bW9vcmVAd29v bHdvcnRocy5jb20uYXUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4cCNsj4icWYpk467L9 wfexCSw9QywugZVY+dfSKglgOR+V/ZXxz8dBY2TJezRoiecMrCSo8dYFYqPz5jroBBt5zgOZQkdt ff4k4dLPOwbCLmFkyT90CWHoPn1w8yCFJK1UMRp6zejpltBLjxIZYB2f8BmJGC5ixohg3XqxRPhx AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAoG4E9FG9GFyn7QikO8V+sq1GqnGgnLur9k2ClB0Fye6D /hP+WmLu1Jjgv+8bseTpKewcucIBVXh4wupWPL9YWhVdj0ZRkN4pi1935FB2nhUwdAY2OPXbtTNE RmQV4JTDwT0UIM1tvHWw66nQdnGFoJOBG3LscfQsVYSbvOjBx5I=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#XWSSGID-12133239412411266694577">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                <ds:XPath>./SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature[1]/ds:KeyInfo/wsse:SecurityTokenReference</ds:XPath>
              </ds:Transform>
              <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                <wsse:TransformationParameters>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </wsse:TransformationParameters>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QnS4SXbnvdclfot20xCVOdv1kQrbjr0mbCEMSp9ylQYo7os4SZL86NyoPXw22HpBanpOKOmYYRwm p3WuRDmH+fsEzOFcxqIuF/K8J1m2yiBMFojRxVb0HTESCl6nhxR4XxIWhQ9jAtXqckkcDdt9GO1L D0Q2M+qxtcGh5Cft1A8=</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-12133239411791943987162">
            <wsse:Reference URI="#XWSSGID-1213323935616761466631" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-12133239412411266694577">
    <ActivityStatementRequest xmlns="urn:B2C:Customer:PAP:ActivityStatementRequest_v1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" dateTime="2008-03-04T08:20:06.123456" sequenceNumber="44527670" xsi:schemaLocation="urn:B2C:Customer:PAP:ActivityStatementRequest_v1.0 C:\projects\pap\pap-core\src\main\resources\xsd\portal\Portal-ActivityStatement.xsd">
      <DateRange fromDate="2008-03-04" toDate="2008-05-21"/>
      <CardInfo tokenNumber="99999987777777777777"/>
      <CardInfo tokenNumber="99999986666666666666"/>
    </ActivityStatementRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
==== Sending Message End ====
The namespace we use to route to the endpoint is xmlns="urn:B2C:Customer:PAP:ActivityStatementRequest_v1.0" which is in the message on the ActivityStatementRequest payload element in the soap body. However, it is missing on the server:
Code:
INFO: ==== Received Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1213323374040257701632">MIICzjCCAjcCCQDKOSruUPzf2TANBgkqhkiG9w0BAQUFADCBpzELMAkGA1UEBhMCQVUxFjAUBgNV BAgTDU5ld1NvdXRoV2FsZXMxEDAOBgNVBAcTB05vcndlc3QxFjAUBgNVBAoTDVdvb2x3b3J0aHNM dGQxDDAKBgNVBAsTA0lDQzEZMBcGA1UEAxMQTm9uUHJvZFNpZ25pbmdDQTEtMCsGCSqGSIb3DQEJ ARYeYWJyaWdodG1vb3JlQHdvb2x3b3J0aHMuY29tLmF1MB4XDTA4MDYxMTAyNTYxNVoXDTA4MDcx MTAyNTYxNVowga4xCzAJBgNVBAYTAkFVMRYwFAYDVQQIEw1OZXdTb3V0aFdhbGVzMQ8wDQYDVQQH EwZTeWRuZXkxFjAUBgNVBAoTDVdvb2x3b3J0aHNMdGQxDTALBgNVBAsTBEFEQ0MxIDAeBgNVBAMT F05vblByb2RQQVBTU2lnbjIwMDgwNjExMS0wKwYJKoZIhvcNAQkBFh5hYnJpZ2h0bW9vcmVAd29v bHdvcnRocy5jb20uYXUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4cCNsj4icWYpk467L9 wfexCSw9QywugZVY+dfSKglgOR+V/ZXxz8dBY2TJezRoiecMrCSo8dYFYqPz5jroBBt5zgOZQkdt ff4k4dLPOwbCLmFkyT90CWHoPn1w8yCFJK1UMRp6zejpltBLjxIZYB2f8BmJGC5ixohg3XqxRPhx AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAoG4E9FG9GFyn7QikO8V+sq1GqnGgnLur9k2ClB0Fye6D /hP+WmLu1Jjgv+8bseTpKewcucIBVXh4wupWPL9YWhVdj0ZRkN4pi1935FB2nhUwdAY2OPXbtTNE RmQV4JTDwT0UIM1tvHWw66nQdnGFoJOBG3LscfQsVYSbvOjBx5I=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#XWSSGID-1213323376289497205683">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                <ds:XPath>./SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature[1]/ds:KeyInfo/wsse:SecurityTokenReference</ds:XPath>
              </ds:Transform>
              <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                <wsse:TransformationParameters>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </wsse:TransformationParameters>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>LqOvkNKpzTJ66CYAr10MDQlXzJjw81KuvXMC4KvzU4m9lDdYgiVdA+QyHqOo7OE8QZfPfwWoQ9Vq kJ20bk+eJGhQ/JEyPvISi74Q0CW6ZGo+ph2ffy/8qNNxdj2OyIxw0qn1TosPU5p+iQYG27OLAHUd 8RKed1SG1e9TXfczGvM=</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1213323376211997721545">
            <wsse:Reference URI="#XWSSGID-1213323374040257701632" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1213323376289497205683">
    <ActivityStatementRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" dateTime="2008-03-04T08:20:06.123456" sequenceNumber="936197564" xsi:schemaLocation="urn:B2C:Customer:PAP:ActivityStatementRequest_v1.0 C:\projects\pap\pap-core\src\main\resources\xsd\portal\Portal-ActivityStatement.xsd">
      <DateRange fromDate="2008-03-04" toDate="2008-05-21"/>
      <CardInfo tokenNumber="99999987777777777777"/>
      <CardInfo tokenNumber="99999986666666666666"/>
    </ActivityStatementRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
==== Received Message End ====
The payload extracted out by my endpoint exception resolver looks like this:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<ActivityStatementRequest xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" dateTime="2008-03-04T08:20:06.123456" sequenceNumber="936197564" xmlns="" xsi:schemaLocation="urn:B2C:Customer:PAP:ActivityStatementRequest_v1.0 C:\projects\pap\pap-core\src\main\resources\xsd\portal\Portal-ActivityStatement.xsd">
  ...
</ActivityStatementRequest>
Am I missing some configuration in the interceptor or policy files?
Thanks
Alan


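Added example (not part of the original post, and not Spring-WS or XWSS code): a Python check over a logged envelope that returns the payload root QName, which is the value the post says routing depends on, and lists every ds:Reference whose DigestValue is the hash of zero bytes. Both messages in the post carry `2jmj7l5rSw0yVb/vlWAYkK/YBwk=`, the Base64 SHA-1 of empty input, so the transforms on that reference left nothing to digest and the Body content is not covered by it. The function names and the trimmed `SAMPLE` envelope are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# XML-DSig / XML-Enc digest algorithm URIs mapped to hashlib names.
DIGESTS = {"http://www.w3.org/2000/09/xmldsig#sha1": "sha1",
           "http://www.w3.org/2001/04/xmlenc#sha256": "sha256"}

def payload_root_qname(envelope_xml):
    """Return '{namespace}local' for the first child of soap:Body ('local' if unqualified)."""
    body = ET.fromstring(envelope_xml).find("soap:Body", NS)
    if body is None or len(body) == 0:
        raise ValueError("envelope has no Body payload")
    return body[0].tag

def empty_digest_references(envelope_xml):
    """Return URIs of ds:Reference elements whose DigestValue is the hash of zero bytes."""
    flagged = []
    for ref in ET.fromstring(envelope_xml).iter("{%s}Reference" % NS["ds"]):
        method = ref.find("ds:DigestMethod", NS)
        algo = DIGESTS.get(method.get("Algorithm")) if method is not None else None
        if algo is None:
            continue  # unknown digest algorithm: nothing to compare against
        empty = base64.b64encode(hashlib.new(algo, b"").digest()).decode()
        value = ref.findtext("ds:DigestValue", default="", namespaces=NS)
        if "".join(value.split()) == empty:
            flagged.append(ref.get("URI"))
    return flagged

# Constructed sample: the posted request trimmed to the parts these checks read.
SAMPLE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Header>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
   <ds:Reference URI="#XWSSGID-12133239412411266694577">
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>
   </ds:Reference>
  </ds:SignedInfo></ds:Signature>
 </SOAP-ENV:Header>
 <SOAP-ENV:Body>
  <ActivityStatementRequest xmlns="urn:B2C:Customer:PAP:ActivityStatementRequest_v1.0"/>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

if __name__ == "__main__":
    print(payload_root_qname(SAMPLE))
    print(empty_digest_references(SAMPLE))
```

Running `payload_root_qname` on the sent and the received envelope side by side shows the routing key changing from the qualified name to the bare local name.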