WSS4JInInterceptor: The signature or decryption was invalid

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

WSS4JInInterceptor: The signature or decryption was invalid

chaij
I got this exception on the Camel CXF endpoint SOAP service side when try to add action "Signature" to the WSS4J interceptor.
A search on the web gives me this link:
http://stackoverflow.com/questions/21492255/cxf-client-ws-security-mtom-trouble

By disabling MTOM, it did resolve the problem. Is this a known issue? MTOM can't work together with Security?

Thanks!

org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:788)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:336)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)[122:org.apache.cxf.cxf-api:2.7.7]
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[122:org.apache.cxf.cxf-api:2.7.7]
        at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
        at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
        at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1040)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:976)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.Server.handle(Server.java:363)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)[60:org.eclipse.jetty.http:7.6.8.v20121106]
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)[60:org.eclipse.jetty.http:7.6.8.v20121106]
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)[59:org.eclipse.jetty.io:7.6.8.v20121106]
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[59:org.eclipse.jetty.io:7.6.8.v20121106]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[58:org.eclipse.jetty.util:7.6.8.v20121106]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[58:org.eclipse.jetty.util:7.6.8.v20121106]
        at java.lang.Thread.run(Thread.java:662)[:1.6.0_29]
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)[159:org.apache.ws.security.wss4j:1.6.12]
        at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)[159:org.apache.ws.security.wss4j:1.6.12]
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)[159:org.apache.ws.security.wss4j:1.6.12]
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        ... 23 more
Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

dkulp@apache.org

On Mar 26, 2014, at 11:41 PM, chaij <[hidden email]> wrote:

> I got this exception on the Camel CXF endpoint SOAP service side when try to
> add action "Signature" to the WSS4J interceptor.
> A search on the web gives me this link:
> http://stackoverflow.com/questions/21492255/cxf-client-ws-security-mtom-trouble
>
> By disabling MTOM, it did resolve the problem. Is this a known issue? MTOM
> can't work together with Security?

Yes.     At this point with CXF, MTOM and WS-Security won’t work “compatibly” together.   It should work OK if it’s CXF on both sides of the wire, but keep in mind the attachments wouldn’t actually be signed or encrypted.

There’s a thread on the CXF list from last week talking a little about it:

http://cxf.547215.n5.nabble.com/Signed-encrypted-MTOM-tt5741665.html





Dan



>
> Thanks!
>
> org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
> invalid
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:788)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:336)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)[122:org.apache.cxf.cxf-api:2.7.7]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[122:org.apache.cxf.cxf-api:2.7.7]
> at
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
> at
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
> at
> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1040)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:976)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.Server.handle(Server.java:363)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)[60:org.eclipse.jetty.http:7.6.8.v20121106]
> at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)[60:org.eclipse.jetty.http:7.6.8.v20121106]
> at
> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[64:org.eclipse.jetty.server:7.6.8.v20121106]
> at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)[59:org.eclipse.jetty.io:7.6.8.v20121106]
> at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[59:org.eclipse.jetty.io:7.6.8.v20121106]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[58:org.eclipse.jetty.util:7.6.8.v20121106]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[58:org.eclipse.jetty.util:7.6.8.v20121106]
> at java.lang.Thread.run(Thread.java:662)[:1.6.0_29]
> Caused by: org.apache.ws.security.WSSecurityException: The signature or
> decryption was invalid
> at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)[159:org.apache.ws.security.wss4j:1.6.12]
> at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)[159:org.apache.ws.security.wss4j:1.6.12]
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)[159:org.apache.ws.security.wss4j:1.6.12]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
> ... 23 more
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/WSS4JInInterceptor-The-signature-or-decryption-was-invalid-tp5749409.html
> Sent from the Camel - Users mailing list archive at Nabble.com.

--
Daniel Kulp
[hidden email] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

chaij
Dan - I am using soapUI as a client to test this service. When the request comes in, it says signature value invalid.

This only occurs if I have a binary content attachment in the SOAP body.

Do you know it would be a CXF related issue or soapUI issue?

It is hard to tell for me.

Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

dkulp@apache.org

On Mar 27, 2014, at 6:12 PM, chaij <[hidden email]> wrote:

> Dan - I am using soapUI as a client to test this service. When the request
> comes in, it says signature value invalid.
>
> This only occurs if I have a binary content attachment in the SOAP body.
>
> Do you know it would be a CXF related issue or soapUI issue?

If there is a xop:include in there, then it’s definitely because CXF doesn’t support properly signing things when MTOM is turned on.  If it’s inlined as base64, it SHOULD be working fine and SOAP UI should be able to validate the signature.

Dan



> It is hard to tell for me.
>
> Thanks!
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/WSS4JInInterceptor-The-signature-or-decryption-was-invalid-tp5749409p5749453.html
> Sent from the Camel - Users mailing list archive at Nabble.com.

--
Daniel Kulp
[hidden email] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

chaij
I am sending request from soapUI to Camel CXF endpoint.

I am adding signature for Timestamp and Body.

If there is no binary document content in body, everything is fine. But if there is and it is NOT XOP (type is CONTENT), I got the following error:

21:10:15,569 | WARN  | tp1413686165-175 | validate.SignatureTrustValidator  303 | 159 - org.apache.ws.security.wss4j - 1.6.12 | No Subject DN Certificate Constraints were defined. This could be a security issue
21:10:15,578 | WARN  | tp1413686165-175 | ecurity.wss4j.WSS4JInInterceptor  335 | 162 - org.apache.cxf.cxf-rt-ws-security - 2.7.7 |
org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)[159:org.apache.ws.security.wss4j:1.6.12]
        at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)[159:org.apache.ws.security.wss4j:1.6.12]
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)[159:org.apache.ws.security.wss4j:1.6.12]
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)[122:org.apache.cxf.cxf-api:2.7.7]
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[122:org.apache.cxf.cxf-api:2.7.7]
        at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
        at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
        at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1040)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:976)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.Server.handle(Server.java:363)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)[60:org.eclipse.jetty.http:7.6.8.v20121106]
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)[60:org.eclipse.jetty.http:7.6.8.v20121106]
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[64:org.eclipse.jetty.server:7.6.8.v20121106]
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)[59:org.eclipse.jetty.io:7.6.8.v20121106]
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[59:org.eclipse.jetty.io:7.6.8.v20121106]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[58:org.eclipse.jetty.util:7.6.8.v20121106]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[58:org.eclipse.jetty.util:7.6.8.v20121106]
        at java.lang.Thread.run(Thread.java:662)[:1.6.0_29]
Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

coheigea
Could you attach the SOAP-UI request that is failing? Even better could you
create a SOAP-UI project to reproduce the problem?

Colm.


On Fri, Mar 28, 2014 at 1:34 AM, chaij <[hidden email]> wrote:

> I am sending request from soapUI to Camel CXF endpoint.
>
> I am adding signature for Timestamp and Body.
>
> If there is no binary document content in body, everything is fine. But if
> there is and it is NOT XOP (type is CONTENT), I got the following error:
>
> 21:10:15,569 | WARN  | tp1413686165-175 | validate.SignatureTrustValidator
> 303 | 159 - org.apache.ws.security.wss4j - 1.6.12 | No Subject DN
> Certificate Constraints were defined. This could be a security issue
> 21:10:15,578 | WARN  | tp1413686165-175 | ecurity.wss4j.WSS4JInInterceptor
> 335 | 162 - org.apache.cxf.cxf-rt-ws-security - 2.7.7 |
> org.apache.ws.security.WSSecurityException: The signature or decryption was
> invalid
>         at
>
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)[159:org.apache.ws.security.wss4j:1.6.12]
>         at
>
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)[159:org.apache.ws.security.wss4j:1.6.12]
>         at
>
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)[159:org.apache.ws.security.wss4j:1.6.12]
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
>         at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)[122:org.apache.cxf.cxf-api:2.7.7]
>         at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[122:org.apache.cxf.cxf-api:2.7.7]
>         at
>
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
>         at
>
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
>         at
>
> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)[144:org.apache.cxf.cxf-rt-transports-http-jetty:2.7.7]
>         at
>
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1040)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:976)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.Server.handle(Server.java:363)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)[60:org.eclipse.jetty.http:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)[60:org.eclipse.jetty.http:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[64:org.eclipse.jetty.server:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)[59:org.eclipse.jetty.io:7
> .6.8.v20121106]
>         at
>
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[59:org.eclipse.jetty.io:7
> .6.8.v20121106]
>         at
>
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[58:org.eclipse.jetty.util:7.6.8.v20121106]
>         at
>
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[58:org.eclipse.jetty.util:7.6.8.v20121106]
>         at java.lang.Thread.run(Thread.java:662)[:1.6.0_29]
>
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/WSS4JInInterceptor-The-signature-or-decryption-was-invalid-tp5749409p5749459.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

chaij
eDocumentServiceDDCWithSecurity-sample-soapui-project.xml

Thanks for looking into it. I have attached the soapui project.
Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

coheigea
Ok I've looked into it. It appears to be a bug in SOAP UI, where it is
digesting only the reference to the attachment in the SOAP Body, even
though it is actually sending the correctly inlined attachment. For
example, from the logs:

<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-6E1D62DCD3FA513B7A13962858310015"><edoc:uploadFormDocument
xmlns:edoc="http://cmp.vba.va.gov/external/eDocumentService/"><edoc:formDocument
ID="1" Veteran_Person_ID="1234567890" actionable="false" externalID="100"
filename="fw4.pdf" newMail="false" veteranFirstName="Will"
veteranLastName="Hard" veteranMiddleName="Work"><cmp:docContent xmlns:cmp="
http://cmp.vba.va.gov/cmp
">cid:fw4-1.pdf</cmp:docContent></edoc:formDocument></edoc:uploadFormDocument></soapenv:Body>

The docContent should contain the inlined BASE-64 encoded attachment
instead of the reference here. CXF can handle this correctly. I will send
you a simple maven-based project that shows how to do this.

Colm.


On Fri, Mar 28, 2014 at 4:11 PM, chaij <[hidden email]> wrote:

> eDocumentServiceDDCWithSecurity-sample-soapui-project.xml
> <
> http://camel.465427.n5.nabble.com/file/n5749509/eDocumentServiceDDCWithSecurity-sample-soapui-project.xml
> >
>
> Thanks for looking into it. I have attached the soapui project.
>
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/WSS4JInInterceptor-The-signature-or-decryption-was-invalid-tp5749409p5749509.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

chaij
Thanks, that solves the mystery!
Reply | Threaded
Open this post in threaded view
|

Re: WSS4JInInterceptor: The signature or decryption was invalid

chaij
This post was updated on .
Dan - Thanks for your help. I was able to use POJO format instead of CXF_MESSAGE format to work with WSS4J.

I suggest to really beef up the documentation for CXF component. Especially for this following line, it leads me to believe that in order to work with interceptors, I would have to use CXF_MESSAGE format. And apart from this line, there is no any other information regarding this format.

CXF_MESSAGE
New in Camel 2.8.2, CXF_MESSAGE allows for invoking the full capabilities of CXF interceptors by converting the message from the transport layer into a raw SOAP message