CXF / CXF-7172

Error Validating Signed MTOM Message CXF 3.0.6 and up


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not A Problem
    • Affects Version/s: 3.0.6, 3.1.8
    • Fix Version/s: None
    • Component/s: WS-* Components
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      As explained at:
      http://stackoverflow.com/questions/37308017/error-validating-signed-mtom-message-cxf-3-0-6-and-up

      I created a simple web service using CXF that has MTOM enabled. It also expects a timestamp and the body to be signed. It is configured like this:

      @ComponentScan(basePackageClasses = {MyService.class})
      @Configuration
      @ImportResource({ "classpath:META-INF/cxf/cxf.xml" })
      public class CXFConfig {
          @Autowired
          Bus cxfBus;
          @Autowired
          MyService ws;

          @Bean
          public Endpoint endpoint() {
              EndpointImpl endpoint = new EndpointImpl(cxfBus, ws);
              endpoint.publish("/MyService");
              SOAPBinding binding = (SOAPBinding) endpoint.getBinding();
              binding.setMTOMEnabled(true);
              Map<String, Object> inProps = new HashMap<String, Object>();
              inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP);
              inProps.put(WSHandlerConstants.SIG_PROP_FILE, "wsserver.properties");
              WSS4JInInterceptor inc = new WSS4JInInterceptor(inProps);
              endpoint.getInInterceptors().add(inc);
              return endpoint;
          }
      }

      My Service Interface is:

      @WebService
      @Component
      public interface MyService {

          @WebMethod(action="doStuff")
          public String doStuff(@WebParam(name="FileData") MTOMMessage message) throws IOException;
      }

      My Data Type is:

      @XmlType
      @XmlAccessorType(XmlAccessType.FIELD)
      public class MTOMMessage {

          @XmlElement(name = "data", required = true)
          @XmlMimeType("text/xml")
          protected DataHandler data;

          @XmlElement(name = "FileName", required = true)
          protected String fileName;
          //Getters and Setters
      }

      I then have a client to call it:

      public static void main(String[] args) throws IOException {
          String xmlLoc = "classpath:com/avum/dasn/ws/test/client-context.xml";
          ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext(xmlLoc);
          MyService svc = ctx.getBean(MyService.class);
          MTOMMessage msg = new MTOMMessage();
          msg.setXmlData(new DataHandler(getURLForTestFile()));
          msg.setFileName("TestFileName");
          System.out.println(svc.doStuff(msg));
      }

      The client-context.xml looks like this:

      <jaxws:properties>
          <entry key="mtom-enabled" value="true"/>
      </jaxws:properties>
      <jaxws:outInterceptors>
          <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
              <constructor-arg>
                  <map>
                      <entry key="action" value="Signature Timestamp"/>
                      <entry key="signaturePropFile" value="wsclient.properties"/>
                      <entry key="user" value="ws-security" />
                      <entry key="passwordCallbackClass" value="com.co.test.PasswordCallbackHandler"/>
                  </map>
              </constructor-arg>
          </bean>
          <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
      </jaxws:outInterceptors>

      If I’m using CXF version 3.0.5 or lower, this works fine. However, if I use 3.0.6 or later I get “A security error was encountered when verifying the message.” On the server I’m getting messages like “Couldn't validate the References”. This is because the server doesn’t get the same DigestValue that comes across in the ds:DigestValue element.

      I think it has something to do with the way MTOM messages are handled by the server-side code, because if I disable MTOM (on the client and server) then it works fine. I’m not sure how to get this working in later versions of CXF. Does anyone have any ideas what I’m doing wrong?
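
One way a DigestValue mismatch of the kind described above can arise under MTOM, as an added illustration (not code from the reporter or from CXF): the same element digests differently when its binary content is an xop:Include reference than when it is inlined as base64, so signer and verifier must digest the same form. The class name, the sample message and the choice of SHA-256 are assumptions, and the canonicalization step of real XML Signature is skipped.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class XopDigestDemo {  // hypothetical class name, not part of CXF or WSS4J
    // Matches an XOP reference such as <xop:Include href="cid:part1" .../>
    private static final Pattern XOP =
        Pattern.compile("<xop:Include\\s+href=\"cid:([^\"]+)\"[^>]*/>");

    /** Base64 of SHA-256 over the UTF-8 bytes (no canonicalization applied). */
    static String digest(String xml) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(xml.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    /** Replace each xop:Include with the base64 of the MIME part it references. */
    static String inline(String xml, Map<String, byte[]> parts) {
        Matcher m = XOP.matcher(xml);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            byte[] part = parts.get(m.group(1));
            if (part == null) {  // a dangling reference must fail, not digest as empty
                throw new IllegalStateException("no attachment for cid:" + m.group(1));
            }
            String b64 = Base64.getEncoder().encodeToString(part);
            m.appendReplacement(out, Matcher.quoteReplacement(b64));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one attachment and the element that references it.
        Map<String, byte[]> parts =
            Map.of("part1", "<doc>hello</doc>".getBytes(StandardCharsets.UTF_8));
        String referenceForm = "<FileData><data><xop:Include href=\"cid:part1\""
            + " xmlns:xop=\"http://www.w3.org/2004/08/xop/include\"/></data>"
            + "<FileName>TestFileName</FileName></FileData>";
        String inlinedForm = inline(referenceForm, parts);

        System.out.println("digest over reference form: " + digest(referenceForm));
        System.out.println("digest over inlined form:   " + digest(inlinedForm));
        System.out.println("equal: " + digest(referenceForm).equals(digest(inlinedForm)));
    }
}
```

When comparing a working and a failing version pair, check which of the two forms each side feeds into the digest for the signed body.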

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              slavus Hrvoje Slavicek