You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Observed using the version of Metro released included in Glassfish 4.1. The log indicates Metro/2.3.1-b419 (branches/2.3.1.x-7937; 2014-08-04T08:11:03+0000). Investigated using the sources labeled 2.3.2-20150304.231348-334.
When validating the signature of a SOAP message signed by a public key that does not have a certificate in a TrustStore or CertStore provided by the CallbackHandler, a SEVERE error is logged of form:
WSS0216: An Error occurred using CallbackHandler for : Sun RSA public key, 2048 bits
modulus:
...
public exponent: ...
This seems to be coming from line 2231 of com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment , in getCertificate(). The more meaningful exception thrown from there is logged as FINE in com.sun.xml.ws.security.opt.impl.incoming.Signature .process() line 289.
Other than the logged error, there does not seem to be any problems; the signature is validated properly and the SOAP message is received by our application code.
There are two related issues here:
1. I don't believe this is an error case. (For instance, in our use case, a certificate signed by a CA we trust is provided in the SOAP message.)
2. The SEVERE error logged does not provide any useful clues as to what the problem is or where it is occurring.
Observed using the version of Metro released included in Glassfish 4.1. The log indicates Metro/2.3.1-b419 (branches/2.3.1.x-7937; 2014-08-04T08:11:03+0000). Investigated using the sources labeled 2.3.2-20150304.231348-334.
When validating the signature of a SOAP message signed by a public key that does not have a certificate in a TrustStore or CertStore provided by the CallbackHandler, a SEVERE error is logged of form:
This seems to be coming from line 2231 of com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment , in getCertificate(). The more meaningful exception thrown from there is logged as FINE in com.sun.xml.ws.security.opt.impl.incoming.Signature .process() line 289.
Other than the logged error, there does not seem to be any problems; the signature is validated properly and the SOAP message is received by our application code.
There are two related issues here:
1. I don't believe this is an error case. (For instance, in our use case, a certificate signed by a CA we trust is provided in the SOAP message.)
2. The SEVERE error logged does not provide any useful clues as to what the problem is or where it is occurring.
Affected Versions
[2.3.1]
Source: javaee/metro-wsit#1692
Author: glassfishrobot
The text was updated successfully, but these errors were encountered: