Results 1 to 2 of 2

Thread: Signature verification using Spring WS 1.0 + Castor XML 1.1.1 + XWSS 3.0

  1. Apr 21st, 2009, 02:13 AM #1
    afborroy
    afborroy is offline Junior Member
    Join Date
    Dec 2007
    Location
    Zaragoza, Spain
    Posts
    17

    Default Signature verification using Spring WS 1.0 + Castor XML 1.1.1 + XWSS 3.0

    I'm using a standard web service client extending WebServiceGatewaySupport which perform XWSS Signature on messages.

    If I use XMLBeans for marshalling the code works fine, but if I use Castor for marshalling, WebSphere 6.1 returns following error:
    Code:
    org.springframework.ws.soap.client.SoapFaultClientException: com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5620E: Error verifying signature: Core validity=false Signed info validity=true Signed info message='null' Ref[java.util.HashMap$KeyIterator@4bfc4bfc](validity=false message='Digest value mismatch: calculated: NoZcIy+Zua1zYIetixBt2Kogfe8=' uri='#XWSSGID-12402971827962088034037' type='null').
    It's just the same code with different marshalling setters.

    Even I've forced UTF-8 encoding for messages without success.

    Thanks in advance.
    Reply With Quote Reply With Quote
  2. Apr 21st, 2009, 06:20 AM #2
    afborroy
    afborroy is offline Junior Member
    Join Date
    Dec 2007
    Location
    Zaragoza, Spain
    Posts
    17

    Default Solution

    Maybe this is now the best solution, but it works.

    It seems setting UTF-8 to message it's not enough. So, I'm encoding the SAAJ Message before doing the signature.

    Something like this.

    Code:
    Object result = wst.marshalSendAndReceive(input,
    new WebServiceMessageCallback() {
  
      public void doWithMessage(WebServiceMessage message) throws IOException {
        
        SaajSoapMessage saajSoapMessage = (SaajSoapMessage) message;
        SaajSoapMessage wsm = null;

        // UTF-8 encoding
        try {
          ByteArrayOutputStream os = new ByteArrayOutputStream();
          message.writeTo(os);
          StringBuilder sm = new StringBuilder(os.toString());
          os.close();
          ByteArrayInputStream is = new ByteArrayInputStream(sm.toString().getBytes("UTF-8"));
          wsm = (SaajSoapMessage)getWebServiceTemplate().getMessageFactory().createWebServiceMessage(is);
          saajSoapMessage.setSaajMessage(wsm.getSaajMessage());
          is.close();
        } catch (Exception e) {
          e.printStackTrace();
        }

        SOAPMessage saajMessage = saajSoapMessage.getSaajMessage();
        try {
          ProcessingContext context = new ProcessingContext();
          context.setSOAPMessage(saajMessage);
          SOAPMessage securedMessage = cprocessor.secureOutboundMessage(context);
          saajSoapMessage.setSaajMessage(securedMessage);
        } catch (XWSSecurityException e) {
          throw new XwsSecuritySecurementException(e.getMessage());
        }

      }
    });
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules