[8.1.0.CR1][8.1.0.CR2] WS-Security incoming XML(request)signature validation problem
magowy May 13, 2014 10:57 AMI'm developing and application(web services) with enabled WS-Security (request/response signature ). Client implementation file are generated as CXF artifacts from WSDL.
When application in run on Wildfly 8.0.0 everythink is ok. But on 8.1.0.CR1 8.1.0.CR2 signature validation fails on server side with message (The signature or decryption was invalid). Keystore/trust store are the same and are loaded properly.
As a client I use (for tests) SOUPUI 4.6.2 with configured outgoing WSS. There where any changes in WS-Security module in 8.1.0 ?
Below an exception from server.log
2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Expected digest: vtU+R6sx2DPgvIbyOwg7QBszFMrhAdvhCvyT1e4B+JQ= 2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Actual digest: Ob3MjaGZysaxRf6LyLKLR6madutOpH8nFxkzPvbABUA= 2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Reference[#id-55] is valid: false 2014-05-13 15:44:06,291 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Couldn't validate the References 2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) XML Signature verification has failed 2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Signature Validation check: true 2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Reference #id-55 check: false 2014-05-13 15:44:06,293 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (default task-1) : org.apache.ws.security.WSSecurityException: The signature or decryption was invalid at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451) [wss4j-1.6.14.jar:1.6.14] at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) [wss4j-1.6.14.jar:1.6.14] at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) [wss4j-1.6.14.jar:1.6.14] at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:93) at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:133) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136) at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final.jar:2.2.2.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45] at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
I think problem may be in xml Canonicalization method because soupui request is little bit different than XML found in servel log
On client side looks like
<soapenv:Body wsu:Id="id-55" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
Server side log
2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) Pre-digested input: 2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1r3="http://www.hp.com/mobicore/services/iss/v1r3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-55"> (rest of an XML looks same as client sied)
Used WS-Policies in attachemt(policy.txt)
Server log
2014-05-13 15:44:06,263 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive" 2014-05-13 15:44:06,263 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [ds:CanonicalizationMethod: null] 2014-05-13 15:44:06,264 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(ds:CanonicalizationMethod, "null" 2014-05-13 15:44:06,264 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) Created transform for algorithm: http://www.w3.org/2001/10/xml-exc-c14n# 2014-05-13 15:44:06,264 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) isNodeSet() = true 2014-05-13 15:44:06,267 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement("ec:InclusiveNamespaces", "null") 2014-05-13 15:44:06,276 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo] (default task-1) Canonicalized SignedInfo: 2014-05-13 15:44:06,276 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo] (default task-1) (removed) 2014-05-13 15:44:06,277 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo] (default task-1) Data to be signed/verified:(removed) 2014-05-13 15:44:06,283 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) URIDereferencer class name: org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer 2014-05-13 15:44:06,283 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Data class name: org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData 2014-05-13 15:44:06,285 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive" 2014-05-13 15:44:06,285 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [ds:Transform: null] 2014-05-13 15:44:06,286 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(ds:Transform, "null" 2014-05-13 15:44:06,286 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) Created transform for algorithm: http://www.w3.org/2001/10/xml-exc-c14n# 2014-05-13 15:44:06,286 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) ApacheData = true 2014-05-13 15:44:06,286 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement("ec:InclusiveNamespaces", "null") 2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) Pre-digested input: 2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1r3="http://www.hp.com/mobicore/services/iss/v1r3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-55"> (rest of an XML) 2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Expected digest: vtU+R6sx2DPgvIbyOwg7QBszFMrhAdvhCvyT1e4B+JQ= 2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Actual digest: Ob3MjaGZysaxRf6LyLKLR6madutOpH8nFxkzPvbABUA= 2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Reference[#id-55] is valid: false 2014-05-13 15:44:06,291 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Couldn't validate the References 2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) XML Signature verification has failed 2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Signature Validation check: true 2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Reference #id-55 check: false 2014-05-13 15:44:06,293 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (default task-1) : org.apache.ws.security.WSSecurityException: The signature or decryption was invalid at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451) [wss4j-1.6.14.jar:1.6.14] at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) [wss4j-1.6.14.jar:1.6.14] at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) [wss4j-1.6.14.jar:1.6.14] at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:93) at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:133) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136) at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final.jar:2.2.2.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45] at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45] 2014-05-13 15:44:06,317 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor@3ff23b51 2014-05-13 15:44:06,317 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@e3f7d41 2014-05-13 15:44:06,317 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.ws.mex.MEXInInterceptor@37910cd5 2014-05-13 15:44:06,317 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.jboss.wsf.stack.cxf.interceptor.EnableDecoupledFaultInterceptor@5af25a7 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@18472fff 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@44d28296 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@13681cfd 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.saaj.SAAJInInterceptor$SAAJPreInInterceptor@544e4733 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@21fd9c 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxInInterceptor@3dd27837 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@4936b658 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@13e19073 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.jboss.wsf.stack.cxf.interceptor.EndpointAssociationInterceptor@3a71ce8b 2014-05-13 15:44:06,318 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@34b87697 2014-05-13 15:44:06,319 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Interceptor for {http://www.hp.com/mobicore/services/iss/v1r3}IssAuthService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:844) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:93) at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:133) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136) at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final.jar:2.2.2.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45] at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45] Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451) [wss4j-1.6.14.jar:1.6.14] at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) [wss4j-1.6.14.jar:1.6.14] at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) [wss4j-1.6.14.jar:1.6.14] at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270) ... 39 more
-
policy.txt.zip 542 bytes