Mar 25th, 2009, 07:25 AM
SOAP body attributes are mangled between client and server
I am writing a SOA application using Spring-WS. At server side I use the Wss4jSecurityInterceptor to verify the signature/digest on a message. At client side, I use my subclass of WebServiceGatewaySupport to send the message to the server. This client also uses Wss4jSecurityInterceptor to calculate the signature/digest on the outgoing message. When such a message is sent to the server, it is rejected because the digests do no match. The reason for this is that the attributes in the SOAP-ENV:Body tag are mangled by the time they reach the DigesterOutputStream.
This is the body tag as it is received by the WebServiceTemplate:
<SOAP-ENV:Body wsu:Id="id-17678065" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
By the time it gets to the DigesterOutputStream, it has been changed to
<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17678065">
The part in bold has been mysteriously added between the point of reception and the point of submitting the body to the DigesterOutputstream. Additionally, as you can see, the order of the attributes has also been changed. wsu:Id= is now at the beginning of the tag, rather than the end.
All these changes result in my messagedigest being calculated at server side on a different string than at client side. Evidently signature verification fails.
Can someone point me in the right direction as to what could cause this?
Thanks in advance for the help!