Any Axis expert can help in this case?

R

raymond.mh.ng

Recently I find a problem when using WSS4J to receive response back
from BEA WLI server.
The EncryptedKey tag of the response message from WLI server look like
the following ...


==================================================================
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

<dsig:KeyInfo
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:KeyName>CN=nowclient,
OU=pccw, O=pccw, L=hk, ST=hk, C=hk
</dsig:KeyName>
</dsig:KeyInfo>

<xenc:CipherData>
<xenc:CipherValue>n+SWt/StoosaSP/WkOhKaYri7aMRxncarq0gdfgU0UZ5G5pgAMHSX0JdYxR5mxAAXABzkg5BBmBDasg3G0uE++zBEhcrtCAdH3Uk8UD0w8u5r/jaIGDkzkoF3D5s1H+xT/T3zEdNss/CNBk0VnQI9sWmGGgwxr/6Q4zrn/w3w/8=
</xenc:CipherValue>
</xenc:CipherData>

<xenc:ReferenceList>
<xenc:DataReference URI="#Id-Vf8rsB9mBndXWXqgzHvrPP8C"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
==================================================================

However, WSS4J (wsdl4j-1.5.1.jar) return the following error message

==================================================================
org.apache.ws.security.WSSecurityException: An error was discovered
processing the <wsse:Security> header. (WSSecurityEngine: EncryptedKey
does not contain ds:KeyInfo/wsse:SecurityTokenReference)
==================================================================


After I investigate the source code of WSS4J, I find the following have
been commented out in line 145 of EncryptedKeyProcessor.java

==================================================================
/*
* EncryptedKey must a a STR as child of KeyInfo,
KeyName
* valid only for EncryptedData
*/
// if (secRefToken == null) {
// secRefToken = (Element)
WSSecurityUtil.getDirectChild(keyInfo,
// "KeyName", WSConstants.SIG_NS);
// }
==================================================================



Which implied that only X509KeyIdentifier is supported for the response
message (not the IssuerSerial). However, BEA only support IssuerSerial.
Any way I can configure WSS4J (e.g. through the .wsdd file) to support
BEA's reply message?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,733
Messages
2,569,440
Members
44,830
Latest member
ZADIva7383

Latest Threads

Top