Interoperability issue with .NET WCF service and Java client while using transaction flow and #375

Open
Tomas-Kraus opened this issue Jun 2, 2022 · 0 comments


Hi everyone, I have a problem invoking a WCF .NET 3.5 WSHttpBinding web service method, where the binding's TransactionFlow and security by using an X.509 certificate with an anonymous client are enabled but the transaction is not mandatory (only supported), from a Metro 2.2.1u1 standalone client. If TransactionFlow is disabled on the .NET web service, everything works just fine. It also works when enabling TransactionFlow and disabling the security with X.509 certificates.

It doesn't work with both features enabled.

This is the error reported:

```
com.sun.xml.wss.impl.PolicyViolationException: com.sun.xml.wss.XWSSecurityException:
Encryption Policy verification error: Looking for an Encryption Element in Security header, but found
com.sun.xml.wss.impl.policy.mls.SignaturePolicy
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:151)
```

I don't have an application server so I'm trying to disable transactional support by passing the TransactionalFeature to the client as follows:

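```java
// Create the feature disabled and tell the client never to flow a transaction.
TransactionalFeature feature = new TransactionalFeature(false);
feature.setFlowType(TransactionFlowType.NEVER);
feature.setVersion(Version.WSAT10);

// Pass the feature when obtaining the port so it applies to this client proxy.
IService port = (IService) service.getPort(new QName(URL, BINDING), IService.class, feature);
```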
I think that the problem could be the protection order (EncryptBeforeSign instead of SignBeforeEncrypt) or an issue with empty SOAP header fields because the WSDL, when transaction flow is enabled, includes these elements:

```xml
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <sp:Body/>
  <sp:Header Name="CoordinationContext" Namespace="http://schemas.xmlsoap.org/ws/2004/10/wscoor"/>
  <sp:Header Name="CoordinationContext" Namespace="http://docs.oasis-open.org/ws-tx/wscoor/2006/06"/>
  <sp:Header Name="OleTxTransaction" Namespace="http://schemas.microsoft.com/ws/2006/02/tx/oletx"/>
  <sp:Header Name="IssuedTokens" Namespace="http://schemas.xmlsoap.org/ws/2005/02/trust"/>
</sp:EncryptedParts>
```

that are not present when the transaction flow is disabled. In fact, there is no sp:EncryptedParts element.

Could anyone help me with this problem?
Does anybody know how to programmatically change the client protection order?

Affected Versions

[2.2.1]

Source: javaee/metro-wsit#1660
Author: glassfishrobot
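
The comparison the post makes by hand between the WSDL with and without transaction flow can be scripted. This is an added example, not code from the original post or from the Metro project: it reads the WS-SecurityPolicy assertions in a policy document and reports the declared protection order and the parts that must be encrypted. The function names and both policy samples are constructed for illustration; the header list is the one quoted in the post.

```python
import xml.etree.ElementTree as ET

# Namespaces: SP is the one in the fragment quoted in the issue; WSP is WS-Policy.
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

def summarize_policy(xml_text):
    """Return the protection order and encrypted parts a policy/WSDL declares."""
    root = ET.fromstring(xml_text)
    # WS-SecurityPolicy: sign-before-encrypt is the default protection order;
    # an sp:EncryptBeforeSigning assertion in the binding reverses it.
    order = ("EncryptBeforeSigning"
             if root.find(f".//{{{SP}}}EncryptBeforeSigning") is not None
             else "SignBeforeEncrypting")
    body, headers = False, set()
    for parts in root.iter(f"{{{SP}}}EncryptedParts"):
        if parts.find(f"{{{SP}}}Body") is not None:
            body = True
        for h in parts.findall(f"{{{SP}}}Header"):
            headers.add((h.get("Namespace"), h.get("Name")))
    return {"protection_order": order, "encrypt_body": body,
            "encrypted_headers": headers}

def added_encrypted_headers(policy_a, policy_b):
    """Headers that policy_b requires to be encrypted and policy_a does not."""
    a = summarize_policy(policy_a)["encrypted_headers"]
    b = summarize_policy(policy_b)["encrypted_headers"]
    return sorted(b - a)

# Constructed sample: transaction flow disabled, no sp:EncryptedParts at all.
POLICY_FLOW_OFF = (f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">'
                   '<sp:SymmetricBinding/></wsp:Policy>')

# Constructed sample: transaction flow enabled, EncryptedParts as quoted in the post.
POLICY_FLOW_ON = f'''<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SymmetricBinding/>
  <sp:EncryptedParts>
    <sp:Body/>
    <sp:Header Name="CoordinationContext" Namespace="http://schemas.xmlsoap.org/ws/2004/10/wscoor"/>
    <sp:Header Name="CoordinationContext" Namespace="http://docs.oasis-open.org/ws-tx/wscoor/2006/06"/>
    <sp:Header Name="OleTxTransaction" Namespace="http://schemas.microsoft.com/ws/2006/02/tx/oletx"/>
    <sp:Header Name="IssuedTokens" Namespace="http://schemas.xmlsoap.org/ws/2005/02/trust"/>
  </sp:EncryptedParts>
</wsp:Policy>'''

if __name__ == "__main__":
    print(summarize_policy(POLICY_FLOW_ON)["protection_order"])
    for ns, name in added_encrypted_headers(POLICY_FLOW_OFF, POLICY_FLOW_ON):
        print(f"encrypted only with transaction flow: {{{ns}}}{name}")
```

Running it against the two real WSDL files (read into strings) shows whether the service asks for `sp:EncryptBeforeSigning` at all and exactly which headers the transaction-flow variant adds to the encryption requirement.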
