[#XFIRE-900] Fault with Ws-Security : message not signed, when an exception is thrown by the service

XFire

Fault with Ws-Security : message not signed, when an exception is thrown by the service

Created: 28/Feb/07 10:30 AM Updated: 15/Mar/07 04:53 AM

Component/s:

Core

Affects Version/s:

1.2.4

Fix Version/s:

1.2.5

Time Tracking:

Not Specified

File Attachments:	1. services.xml (1 kb) 2. XfireTest.java (4 kb)
Environment:	Windows 2000, Tomcat 5.5, Java 1.5

Description

« Hide

org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header
org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:92)
org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
$Proxy12.rechercherPatrimoine(Unknown Source)
net.gicm.astral.test.XfireTest.test(XfireTest.java:65)
org.apache.jsp.index_jsp._jspService(index_jsp.java:48)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

You can find client code + service.xml in attachment.

I have tried to add a <faultHandlers> in service.xml, but it doesn't work. Below what i have added in service.xml, but without success :

<faultHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="signaturePropFile">service.properties</prop>
<prop key="signatureKeyIdentifier">DirectReference</prop>
<prop key="passwordCallbackClass">net.gicm.astral.handler.PasswordHandler</prop>
<prop key="user">Service</prop>
</props>
</property>
</bean>
</faultHandlers>

It is the same problem that is described in http://www.nabble.com/ws-security--exception-fault-handling-tf2241051.html#a6215424.

Description

I have followed the instructions found in page http://xfire.codehaus.org/WS-Security to sign my messages from client to service and from service to client, and it works fine ! But when an exception is thrown by the service, the message is not signed, and the following stack trace is displayed by the client : org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:92) org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57) $Proxy12.rechercherPatrimoine(Unknown Source) net.gicm.astral.test.XfireTest.test(XfireTest.java:65) org.apache.jsp.index_jsp._jspService(index_jsp.java:48) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) You can find client code + service.xml in attachment. I have tried to add a <faultHandlers> in service.xml, but it doesn't work. Below what i have added in service.xml, but without success : <faultHandlers> <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" /> <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns=""> <property name="properties"> <props> <prop key="action">Signature</prop> <prop key="signaturePropFile">service.properties</prop> <prop key="signatureKeyIdentifier">DirectReference</prop> <prop key="passwordCallbackClass">net.gicm.astral.handler.PasswordHandler</prop> <prop key="user">Service</prop> </props> </property> </bean> </faultHandlers> It is the same problem that is described in http://www.nabble.com/ws-security--exception-fault-handling-tf2241051.html#a6215424.

Show »

All

Comments

Work Log

Change History

Sort Order:

Ascending order - Click to sort in descending order

[ Permlink | « Hide ]

Tomasz Sztelak - 28/Feb/07 10:57 AM

You have currently 2 way to solve this:
1. you can add DOMOutHandler and WSS4J handler to global fault handler chain ( <xfire> <faultHandlers> .. ) , if you can have security configured per all services
2. If you need security configuration per service, then you can DOMOutHandler to global fault handler and WSS4J handler to serivce fault handlers list.

3. Wait few days till 1.2.5 will be released, and then you can add DOMFaulthandler to service fault handlers.

[ Permlink | « Hide ]

Tomasz Sztelak - 28/Feb/07 10:58 AM

Duplicate of ~~XFIRE-890~~

[ Permlink | « Hide ]

Raphaël Corre - 15/Mar/07 04:53 AM

Using Xfire 1.2.4, I've succeeded doing this with a services.xml. The problem is that on service side, I throw a FaultInfoException with a detail, and on client side I catch a XFireRuntimeException without this detail. No way to get the detail exception !

The second problem is that using Xfire 1.2.5, there is a regression =>I have the message : Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]
Differences between my tests in 1.2.4 and 1.2.5 : wss4j-1.5.0.jar => wss4j-1.5.1.jar, xbean-spring-2.7.jar => xbean-spring-2.8.jar, xfire-all-1.2.4.jar =>xfire-all-1.2.5.jar

Conclusion : there are 2 problems (bugs ?)

My services.xml :
<beans xmlns="http://xfire.codehaus.org/config/1.0">
<xfire>
<inHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="signaturePropFile">service.properties</prop>
<prop key="passwordCallbackClass">net.xxx.astral.handler.PasswordHandler</prop>
</props>
</property>
</bean>
<handler handlerClass="net.xxx.astral.handler.SecurityHandler" />
</inHandlers>
<outHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="signaturePropFile">service.properties</prop>
<prop key="signatureKeyIdentifier">DirectReference</prop>
<prop key="passwordCallbackClass">net.xxx.astral.handler.PasswordHandler</prop>
<prop key="user">wsopcvm</prop>
</props>
</property>
</bean>
</outHandlers>
<faultHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="signaturePropFile">service.properties</prop>
<prop key="signatureKeyIdentifier">DirectReference</prop>
<prop key="passwordCallbackClass">net.xxx.astral.handler.PasswordHandler</prop>
<prop key="user">wsopcvm</prop>
</props>
</property>
</bean>
</faultHandlers>
</xfire>

<service>
<name>Patrimoine</name>
<namespace>http://astral.xxx.net/Patrimoine</namespace>
<serviceClass>net.xxx.astral.service.PatrimoineImpl</serviceClass>
<serviceFactory>jsr181</serviceFactory>
</service>
</beans>

[ Show » ]

Raphaël Corre - 15/Mar/07 04:53 AM Using Xfire 1.2.4, I've succeeded doing this with a services.xml. The problem is that on service side, I throw a FaultInfoException with a detail, and on client side I catch a XFireRuntimeException without this detail. No way to get the detail exception ! The second problem is that using Xfire 1.2.5, there is a regression =>I have the message : Unexpected EOF in prolog at [row,col {unknown-source}]: [1,0] Differences between my tests in 1.2.4 and 1.2.5 : wss4j-1.5.0.jar => wss4j-1.5.1.jar, xbean-spring-2.7.jar => xbean-spring-2.8.jar, xfire-all-1.2.4.jar =>xfire-all-1.2.5.jar Conclusion : there are 2 problems (bugs ?) My services.xml : <beans xmlns="http://xfire.codehaus.org/config/1.0"> <xfire> <inHandlers> <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" /> <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns=""> <property name="properties"> <props> <prop key="action">Signature</prop> <prop key="signaturePropFile">service.properties</prop> <prop key="passwordCallbackClass">net.xxx.astral.handler.PasswordHandler</prop> </props> </property> </bean> <handler handlerClass="net.xxx.astral.handler.SecurityHandler" /> </inHandlers> <outHandlers> <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" /> <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns=""> <property name="properties"> <props> <prop key="action">Signature</prop> <prop key="signaturePropFile">service.properties</prop> <prop key="signatureKeyIdentifier">DirectReference</prop> <prop key="passwordCallbackClass">net.xxx.astral.handler.PasswordHandler</prop> <prop key="user">wsopcvm</prop> </props> </property> </bean> </outHandlers> <faultHandlers> <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" /> <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns=""> <property name="properties"> <props> <prop key="action">Signature</prop> <prop key="signaturePropFile">service.properties</prop> <prop key="signatureKeyIdentifier">DirectReference</prop> <prop key="passwordCallbackClass">net.xxx.astral.handler.PasswordHandler</prop> <prop key="user">wsopcvm</prop> </props> </property> </bean> </faultHandlers> </xfire> <service> <name>Patrimoine</name> <namespace>http://astral.xxx.net/Patrimoine</namespace> <serviceClass>net.xxx.astral.service.PatrimoineImpl</serviceClass> <serviceFactory>jsr181</serviceFactory> </service> </beans>