- SwA profile 1.1 with Wss4jSecurityInterceptor #107
Wss4J2 SwA signature/encryption support.
@elfogre Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions.
@elfogre Thank you for signing the Contributor License Agreement!
Shouldn't this use the MimeMessage API so that it works with both SAAJ and Axiom?
My first approach was with org.springframework.ws.mime.Attachment instead of the SAAJ-dependent AttachmentPart. However, there is a design problem with org.springframework.ws.mime.Attachment that requires a big change. I'll try to explain:
As I need all attachment mime-headers to be correctly processed in the attachmentCallbackHandler, I can't use Axiom and I have to access javax.xml.soap.AttachmentPart in the SAAJ implementation. This is the reason why this callback is only for SAAJ. If we write accessors for mime-header in the Attachment interface and in the saaj and axiom attachment implementations, we can easily change this CallbackHandler to use the SoapMessage API. I can write that code if you think it's useful.
Hello Spring-ws community,
I'm using spring-ws to develop an AS4 server. Everything works correctly (SAAJ + Wss4j2) except when I want to sign/encrypt SOAP attachments in a request. When I try it, I get an error:
```
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
    at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:162)
    at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:234)
    at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63)
    at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:563)
    ... 32 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot setup signature data structure
    at org.apache.wss4j.dom.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:208)
    at org.apache.wss4j.dom.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:412)
    at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:147)
    ... 35 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: no attachment callbackhandler supplied
    at org.apache.wss4j.dom.message.WSSecSignatureBase.addAttachmentReferences(WSSecSignatureBase.java:228)
    at org.apache.wss4j.dom.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:111)
    ... 37 common frames omitted
```
Wss4j2 needs an attachmentCallbackHandler to work, but it can't be set via Wss4jSecurityInterceptor. I've added a new field and its setter, and I added a line in the initializeRequestData method to set it in the request. After this I could sign attachments in SOAP without problems.
A SAAJ attachmentCallbackHandler implementation with its test is also included in the pull request.
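
The kind of SAAJ-backed handler the thread describes, as an added example that is not the pull request's own code: it hands WSS4J each attachment with all of its MIME headers and writes the processed part back into the message. The class name is hypothetical; the `javax.xml.soap` namespace and the reading of the WSS4J attachment id `Attachments` as "every part" are assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.security.auth.callback.*;
import javax.xml.soap.*;
import org.apache.wss4j.common.ext.*;

public class SaajAttachmentCallbackHandler implements CallbackHandler { // hypothetical name, added example
    private final SOAPMessage message;
    public SaajAttachmentCallbackHandler(SOAPMessage message) { this.message = message; }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        try {
            for (Callback cb : callbacks) {
                if (cb instanceof AttachmentRequestCallback) load((AttachmentRequestCallback) cb);
                else if (cb instanceof AttachmentResultCallback) store(((AttachmentResultCallback) cb).getAttachment());
                else throw new UnsupportedCallbackException(cb);
            }
        } catch (SOAPException e) {
            throw new IOException("Cannot access SAAJ attachment", e);
        }
    }

    private void load(AttachmentRequestCallback request) throws SOAPException { // parts plus every MIME header
        String wanted = request.getAttachmentId(); // assumption: "Attachments" selects every part
        List<Attachment> found = new ArrayList<>();
        for (Iterator<?> it = message.getAttachments(); it.hasNext();) {
            AttachmentPart part = (AttachmentPart) it.next();
            // SAAJ stores Content-ID as "<id>"; WSS4J references the bare id (cid:id).
            String id = Objects.toString(part.getContentId(), "").replaceAll("^<|>$", "");
            if (!"Attachments".equals(wanted) && !id.equals(wanted)) continue;
            Attachment att = new Attachment();
            att.setId(id);
            att.setMimeType(part.getContentType());
            part.getAllMimeHeaders().forEachRemaining(h -> att.addHeader(((MimeHeader) h).getName(), ((MimeHeader) h).getValue()));
            att.setSourceStream(part.getRawContent());
            found.add(att);
        }
        request.setAttachments(found);
    }

    private void store(Attachment result) throws SOAPException { // swap in the part WSS4J processed
        MimeHeaders match = new MimeHeaders();
        match.addHeader("Content-ID", "<" + result.getId() + ">");
        message.removeAttachments(match); // drop the original so the part is not duplicated
        AttachmentPart part = message.createAttachmentPart();
        part.setRawContent(result.getSourceStream(), result.getMimeType());
        result.getHeaders().forEach(part::setMimeHeader);
        message.addAttachmentPart(part);
    }
}
```

An instance built around the outgoing `SOAPMessage` would be supplied through the setter this pull request adds to Wss4jSecurityInterceptor.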