1 Reply Latest reply on Sep 14, 2006 1:41 PM by Thomas Diesler

    WS Security - wsu:Timestamp/@wsu:Id incorrectly implemented

    Mario Van Vlasselaer Newbie

      When calling the HelloService from the 'simple sign' example of jbossws-samples-1.0.3.GA\wssecurity, a WSSecurityException is thrown indicating the Timestamp element is missing an Id. This error only occurs when the webservice client is generated by JDeveloper since it does not generate a wsu:id. When creating a client using jboss' wsse client configuration, the wsu:id does get generated in the soap message and the call succeeds without any problems.

      According to http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf this id should be optional:

      /wsu:Timestamp/@wsu:Id
      1863 This optional attribute specifies an XML Schema ID that can be used to reference this
      1864 element (the timestamp). This is used, for example, to reference the timestamp in a XML
      1865 Signature.


      However looking at the source for org.jboss.ws.wsse.element.Timestamp, id is being handled as required.
      if (id == null || id.length() == 0)
       throw new WSSecurityException("Invalid message, Timestamp is missing an id");
      


      So my question is: Is this a bug in JBossws' implementation of the WS Security spec or am I looking at the wrong spec/version?

      Thanks,
      Mario
       ERROR [org.jboss.ws.wsse.WSSecurityDispatcher] Internal error occured handling inbound message:
      org.jboss.ws.wsse.WSSecurityException: Invalid message, Timestamp is missing an id
       at org.jboss.ws.wsse.element.Timestamp.<init>(Timestamp.java:66)
       at org.jboss.ws.wsse.element.SecurityHeader.<init>(SecurityHeader.java:85)
       at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:182)
       at org.jboss.ws.wsse.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:143)
       at org.jboss.ws.wsse.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:68)
       at org.jboss.ws.wsse.WSSecurityHandlerInbound.handleRequest(WSSecurityHandlerInbound.java:42)
       at org.jboss.ws.handler.HandlerWrapper.handleRequest(HandlerWrapper.java:121)
       at org.jboss.ws.handler.HandlerChainBaseImpl.handleRequest(HandlerChainBaseImpl.java:245)
       at org.jboss.ws.handler.ServerHandlerChain.handleRequest(ServerHandlerChain.java:53)
       at org.jboss.ws.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:224)
       at org.jboss.ws.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:97)
       at org.jboss.ws.server.ServiceEndpoint.handleRequest(ServiceEndpoint.java:209)
       at org.jboss.ws.server.ServiceEndpointManager.processSOAPRequest(ServiceEndpointManager.java:355)
       at org.jboss.ws.server.StandardEndpointServlet.doPost(StandardEndpointServlet.java:115)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
       at org.jboss.ws.server.StandardEndpointServlet.service(StandardEndpointServlet.java:76)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)