10

350 Bounty and waffles to the person who can help me!

I have been struggling with Spring Web Service encryption for days and I can't figure out how to get Spring's encryption on the message body to work. Whenever I have the server encrypt the resulting message the client doesn't seem to be decrypting it before it attempts to validate it against the Schema (XSD).

Here is the server side configuration

The server's xwss security configuration

The client's Spring configuration

Client's xwss configuration

What I can do is encrypt the user token and decrypt it successfully. I do that when sending data from the client to the server. The server then decrypts the user token and authenticates the user credentials; that works quite well.

The problem occurs if I try and encrypt the body of the message coming back. The issue occurs on the client side. It seems the client is trying to validate the message before it decrypts it, and hence an error occurs when validating against the schema.

[Fatal Error] :1:192: The prefix "ns0" for element "ns0:HolidayListResponse" is not bound.
11-Dec-2009 7:45:32 AM com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor decryptElementWithCipher
SEVERE: WSS1203: Exception [ The prefix "ns0" for element "ns0:HolidayListResponse" is not bound. ] while trying to decrypt message

And here is the SOAP response itself.

And here is the marshalling mapping file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapping PUBLIC "-//EXOLAB/Castor Mapping DTD Version 1.0//EN"
                         "http://castor.org/mapping.dtd">
<mapping>
    <field-handler name="dateHandler" class="com.mycompany.hr.handlers.DateFieldHandler" />
    <field-handler name="dateHandler2" class="com.mycompany.hr.handlers.DateFieldHandler" />
    <class name="com.mycompany.hr.data.Holiday">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="Holiday" />
        <field name="from" type="string" handler="dateHandler">
            <bind-xml name="StartDate" node="element" />
        </field>
        <field name="to" type="string" handler="dateHandler2">
            <bind-xml name="EndDate" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.Employee">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="Employee" />
        <field name="number" type="java.lang.Integer">
            <bind-xml name="Number" node="element" />
        </field>
        <field name="firstName" type="java.lang.String">
            <bind-xml name="FirstName" node="element" />
        </field>
        <field name="lastName" type="java.lang.String">
            <bind-xml name="LastName" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayRequest">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayRequest" />
        <field name="holiday" type="com.mycompany.hr.data.Holiday">
            <bind-xml name="Holiday" node="element" />
        </field>
        <field name="employee" type="com.mycompany.hr.data.Employee">
            <bind-xml name="Employee" node="element" />
        </field>
    </class>

    <class name="com.mycompany.hr.data.HolidayConfirmation">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayConfirmation" />
        <field name="confirmationCode" type="java.lang.Integer">
            <bind-xml name="ConfirmationCode" node="element" />
        </field>
        <field name="confirmationMessage" type="java.lang.String">
            <bind-xml name="ConfirmationMessage" node="element" />
        </field>
    </class>

    <class name="com.mycompany.hr.data.HolidayResponse">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayResponse" />
        <field name="confirmation" type="com.mycompany.hr.data.HolidayConfirmation">
            <bind-xml name="HolidayConfirmation" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayListRequest">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayListRequest" />
        <field name="id" type="java.lang.Integer">
            <bind-xml name="userId" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayListResponse">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayListResponse" />
        <field name="holidays" type="com.mycompany.hr.data.Holiday" collection="vector">
            <bind-xml name="Holiday" node="element" />
        </field>
    </class>
</mapping>

I know it's a lot of information, but I figured I would provide everything. Is my encryption setup correct? Is it not possible to encrypt the body of the message and decrypt it on the client side? At this point I am open to almost any suggestion.

sorin
Zoidberg
  • you still haven't given the whole info ;) Give the full stacktrace (or at least cut it at a meaningful place, not the beginning) – Bozho Dec 14 '09 at 12:28
  • That's all I get for an error. I don't get a whole stack trace. The stack trace I get is it trying to validate the message against the XSD, which won't work on encrypted data. – Zoidberg Dec 14 '09 at 13:19
  • It sounds like the DecryptionProcessor wants to know the schema of what it is decrypting, but doesn't. In your client's spring xml I don't see the "schema" references being used somewhere... – Fried Hoeben Dec 14 '09 at 15:27
  • I tried taking encryption/decryption off, and it didn't have any problem receiving the message. I will see if I can access the decryptor to give it the schema. – Zoidberg Dec 14 '09 at 15:56
  • The error you're getting almost seems to indicate that ns0 isn't defined inside the message packet (like a missing xmlns:ns0="...") in the message. – Mark Elliot Dec 18 '09 at 14:01
  • The thing that gets me, is it works fine when encryption is not applied. – Zoidberg Dec 18 '09 at 14:04
  • Please note, that regardless of whether I use the marshaller or not, it still gives me the same error message. – Zoidberg Dec 18 '09 at 14:25
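
The parser message in the log above can be reproduced with no encryption involved, which helps separate a namespace-context problem from a key or cipher problem. This is an added example, not code from the original post: the class name and sample fragments are constructed, and it assumes (the thread does not confirm this) that the decrypted plaintext is parsed as a standalone fragment that lacks its own `xmlns:ns0` declaration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class UnboundPrefixDemo {
    // Namespace URI and prefix taken from the Castor mapping on this page.
    static final String NS = "http://mycompany.com/hr/schemas";

    // Constructed plaintext: an element serialized without its own xmlns:ns0,
    // relying on a declaration that lived on an ancestor in the SOAP envelope.
    static final String BARE =
        "<ns0:HolidayListResponse><ns0:Holiday/></ns0:HolidayListResponse>";

    // The same element serialized with the declaration on the element itself.
    static final String SELF_CONTAINED =
        "<ns0:HolidayListResponse xmlns:ns0=\"" + NS + "\"><ns0:Holiday/></ns0:HolidayListResponse>";

    // Namespace-aware parse with DOCTYPEs refused, as a receiver of untrusted XML should.
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)))
                .getDocumentElement();
    }

    // Parse, optionally stepping into a wrapper element, and report the outcome.
    static String attempt(String xml, boolean unwrap) throws Exception {
        try {
            Element e = parse(xml);
            if (unwrap) e = (Element) e.getFirstChild();
            return "parsed, namespace = " + e.getNamespaceURI();
        } catch (SAXParseException ex) {
            return "rejected: " + ex.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("bare fragment:   " + attempt(BARE, false));
        System.out.println("self-contained:  " + attempt(SELF_CONTAINED, false));
        // One way a receiver can restore context: wrap the fragment in a
        // throwaway element that redeclares the in-scope prefixes.
        String wrapped = "<ctx xmlns:ns0=\"" + NS + "\">" + BARE + "</ctx>";
        System.out.println("context wrapper: " + attempt(wrapped, true));
    }
}
```

If the first case matches what the client logs, compare where `xmlns:ns0` is declared in the unencrypted response on the wire with what the encrypted element would contain on its own.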

2 Answers

2

Take a look at CastorMarshaller properties, and attempt setting some of the "ignoring" ones to true (in your <bean id="castorMarshaller">). For example set:

<property name="validating" value="false" />
<property name="suppressNamespaces" value="true" />
<property name="ignoreExtraElements" value="true" />

One of those might do it.

Peter Mortensen
Bozho
  • When I get a chance I will try that and let you know. Thanks. – Zoidberg Jan 04 '10 at 12:16
  • Sorry for the lack of response, our focus has shifted from this to other priorities right now and I have been pretty busy. I will up-vote this answer, because it does look like the right one. Once I do have a chance to try it, I will let you know if it works or not. Thanks again for the response. – Zoidberg Feb 24 '10 at 12:10
0

Are you certain

 <property name="xsd" value="classpath:src/java/hr.xsd"/>

is being resolved properly?

The error you're getting indicates it can't find how to handle that element. You wouldn't be seeing the element name and prefix if the response wasn't getting decrypted.

Are you able to validate and run the web service without encryption?

Peter Mortensen
Keibosh
  • Yes, I am able to run it successfully without encryption. It knows about ns0:HolidayListResponse because the schema requires it to be the top level element in the response, but the message is encrypted, so it doesn't see that top level element. As for the xsd property, yes it is resolving properly, Spring starts paths right from the class path. I tried changing the path and I get an error on startup if it cannot find the XSD file. – Zoidberg Dec 15 '09 at 11:28