[jira] Created: (CXF-2547) AsymmetricBindingHandler doesn't add value(s) for SignatureConfirmation check (Client Side Problem)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (CXF-2547) AsymmetricBindingHandler doesn't add value(s) for SignatureConfirmation check (Client Side Problem)

JIRA jira@apache.org
AsymmetricBindingHandler doesn't add value(s) for SignatureConfirmation check (Client Side Problem)
---------------------------------------------------------------------------------------------------

                 Key: CXF-2547
                 URL: https://issues.apache.org/jira/browse/CXF-2547
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
         Environment: System:
2.6.28-15-generic #52-Ubuntu SMP Wed Sep 9 10:48:52 UTC 2009 x86_64 GNU/Linux

Java:
java version "1.6.0_16"
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) 64-Bit Server VM (build 14.2-b01, mixed mode)

Apache CXF 2.2.3 (not in version list)
            Reporter: Christian Connert


If a WS-Security-Policy contains an AsymmetricBinding which requires a <sp:RequireSignatureConfirmation/> the AsymmetricBindingHandler doesn't add the byte value of the signatures to the  protected Vector<byte[]> signatures of the AbstractBindingBuilder. Thus when parsing the response the WSHanlder throws an exception:

org.apache.cxf.binding.soap.SoapFault: WSHandler: Check Signature confirmation: got a SC element, but no stored SV
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:547)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
        at org.apache.servicemix.cxfbc.CxfBcProviderMessageObserver.onMessage(CxfBcProviderMessageObserver.java:129)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2139)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2022)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1947)
        at org.apache.servicemix.cxfbc.CxfBcProvider.process(CxfBcProvider.java:235)
        at org.apache.servicemix.common.AsyncBaseLifeCycle.doProcess(AsyncBaseLifeCycle.java:627)
        at org.apache.servicemix.common.AsyncBaseLifeCycle.processExchange(AsyncBaseLifeCycle.java:581)
        at org.apache.servicemix.common.AsyncBaseLifeCycle.onMessageExchange(AsyncBaseLifeCycle.java:535)
        at org.apache.servicemix.common.SyncLifeCycleWrapper.onMessageExchange(SyncLifeCycleWrapper.java:60)
        at org.apache.servicemix.jbi.messaging.DeliveryChannelImpl.processInBound(DeliveryChannelImpl.java:623)
        at org.apache.servicemix.jbi.nmr.flow.AbstractFlow.doRouting(AbstractFlow.java:172)
        at org.apache.servicemix.jbi.nmr.flow.seda.SedaFlow.doRouting(SedaFlow.java:168)
        at org.apache.servicemix.jbi.nmr.flow.seda.SedaQueue$1.run(SedaQueue.java:134)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        ... 1 more
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Check Signature confirmation: got a SC element, but no stored SV
        at org.apache.ws.security.handler.WSHandler.checkSignatureConfirmation(WSHandler.java:375)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:223)
        ... 18 more



--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Resolved: (CXF-2547) AsymmetricBindingHandler doesn't add value(s) for SignatureConfirmation check (Client Side Problem)

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/CXF-2547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-2547.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.2.6
         Assignee: Daniel Kulp

> AsymmetricBindingHandler doesn't add value(s) for SignatureConfirmation check (Client Side Problem)
> ---------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2547
>                 URL: https://issues.apache.org/jira/browse/CXF-2547
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>         Environment: System:
> 2.6.28-15-generic #52-Ubuntu SMP Wed Sep 9 10:48:52 UTC 2009 x86_64 GNU/Linux
> Java:
> java version "1.6.0_16"
> Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
> Java HotSpot(TM) 64-Bit Server VM (build 14.2-b01, mixed mode)
> Apache CXF 2.2.3 (not in version list)
>            Reporter: Christian Connert
>            Assignee: Daniel Kulp
>             Fix For: 2.2.6
>
>
> If a WS-Security-Policy contains an AsymmetricBinding which requires a <sp:RequireSignatureConfirmation/> the AsymmetricBindingHandler doesn't add the byte value of the signatures to the  protected Vector<byte[]> signatures of the AbstractBindingBuilder. Thus when parsing the response the WSHanlder throws an exception:
> org.apache.cxf.binding.soap.SoapFault: WSHandler: Check Signature confirmation: got a SC element, but no stored SV
> at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:547)
> at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)
> at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
> at org.apache.servicemix.cxfbc.CxfBcProviderMessageObserver.onMessage(CxfBcProviderMessageObserver.java:129)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2139)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2022)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1947)
> at org.apache.servicemix.cxfbc.CxfBcProvider.process(CxfBcProvider.java:235)
> at org.apache.servicemix.common.AsyncBaseLifeCycle.doProcess(AsyncBaseLifeCycle.java:627)
> at org.apache.servicemix.common.AsyncBaseLifeCycle.processExchange(AsyncBaseLifeCycle.java:581)
> at org.apache.servicemix.common.AsyncBaseLifeCycle.onMessageExchange(AsyncBaseLifeCycle.java:535)
> at org.apache.servicemix.common.SyncLifeCycleWrapper.onMessageExchange(SyncLifeCycleWrapper.java:60)
> at org.apache.servicemix.jbi.messaging.DeliveryChannelImpl.processInBound(DeliveryChannelImpl.java:623)
> at org.apache.servicemix.jbi.nmr.flow.AbstractFlow.doRouting(AbstractFlow.java:172)
> at org.apache.servicemix.jbi.nmr.flow.seda.SedaFlow.doRouting(SedaFlow.java:168)
> at org.apache.servicemix.jbi.nmr.flow.seda.SedaQueue$1.run(SedaQueue.java:134)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> ... 1 more
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Check Signature confirmation: got a SC element, but no stored SV
> at org.apache.ws.security.handler.WSHandler.checkSignatureConfirmation(WSHandler.java:375)
> at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:223)
> ... 18 more

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.