[jboss-user] [JBossWS] - WS Security - wsu:Timestamp/@wsu:Id incorrectly implemented

mariovvl do-not-reply at jboss.com
Fri Sep 8 17:10:28 EDT 2006 

When calling the HelloService from the 'simple sign' example of jbossws-samples-1.0.3.GA\wssecurity, a WSSecurityException is thrown indicating the Timestamp element is missing an Id. This error only occurs when the webservice client is generated by JDeveloper since it does not generate a wsu:id. When creating a client using jboss' wsse client configuration, the wsu:id does get generated in the soap message and the call succeeds without any problems. 

According to http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf  this id should be optional:

anonymous wrote : /wsu:Timestamp/@wsu:Id
  | 1863 This optional attribute specifies an XML Schema ID that can be used to reference this
  | 1864 element (the timestamp). This is used, for example, to reference the timestamp in a XML
  | 1865 Signature.
  | 

However looking at the source for org.jboss.ws.wsse.element.Timestamp, id is being handled as required. 

  | if (id == null || id.length() == 0)
  |          throw new WSSecurityException("Invalid message, Timestamp is missing an id");
  | 

So my question is: Is this a bug in JBossws' implementation of the WS Security spec or am I looking at the wrong spec/version?

Thanks,
  Mario

  |  ERROR [org.jboss.ws.wsse.WSSecurityDispatcher] Internal error occured handling inbound message:
  | org.jboss.ws.wsse.WSSecurityException: Invalid message, Timestamp is missing an id
  | 	at org.jboss.ws.wsse.element.Timestamp.<init>(Timestamp.java:66)
  | 	at org.jboss.ws.wsse.element.SecurityHeader.<init>(SecurityHeader.java:85)
  | 	at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:182)
  | 	at org.jboss.ws.wsse.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:143)
  | 	at org.jboss.ws.wsse.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:68)
  | 	at org.jboss.ws.wsse.WSSecurityHandlerInbound.handleRequest(WSSecurityHandlerInbound.java:42)
  | 	at org.jboss.ws.handler.HandlerWrapper.handleRequest(HandlerWrapper.java:121)
  | 	at org.jboss.ws.handler.HandlerChainBaseImpl.handleRequest(HandlerChainBaseImpl.java:245)
  | 	at org.jboss.ws.handler.ServerHandlerChain.handleRequest(ServerHandlerChain.java:53)
  | 	at org.jboss.ws.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:224)
  | 	at org.jboss.ws.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:97)
  | 	at org.jboss.ws.server.ServiceEndpoint.handleRequest(ServiceEndpoint.java:209)
  | 	at org.jboss.ws.server.ServiceEndpointManager.processSOAPRequest(ServiceEndpointManager.java:355)
  | 	at org.jboss.ws.server.StandardEndpointServlet.doPost(StandardEndpointServlet.java:115)
  | 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
  | 	at org.jboss.ws.server.StandardEndpointServlet.service(StandardEndpointServlet.java:76)
  | 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
  | 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
  | 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
  | 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  | 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
  | 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
  | 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
  | 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
  | 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
  | 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
  | 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
  | 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
  | 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
  | 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
  | 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
  | 	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
  | 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
  | 	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
  | 	at java.lang.Thread.run(Thread.java:595)
  | 


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970455#3970455

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3970455

More information about the jboss-user mailing list