[ https://issues.apache.org/jira/browse/CXF-5317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jesse Pangburn updated CXF-5317:
--------------------------------

    Description: 
I had a working WS-Policy which was encrypting the SOAP body with a 
UsernameToken using Basic128 encryption, then I modified the policy to use 
Basic256 encryption instead.  I got the following stack trace cause:
Caused by: org.apache.cxf.ws.policy.PolicyException: Cannot encrypt data
        at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:294)

Since the exception was short on detail, I went to the source code and found 
that AbstractBindingBuilder.java:294 was simply throwing away the rest of the 
Exception object.  There's a method existing already to take the exception too 
so I changed that line to call it and now get the following MUCH more useful 
error message on the end of the stack trace:
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Invalid AES key length: 20 bytes
Original Exception was java.security.InvalidKeyException: Invalid AES key length: 20 bytes

I chose priority Major because without this, users will report the error "cannot 
encrypt data", which will give developers very little to go on.  The only way to 
find the real problem is to attach a debugger, which is not an option for 
everybody.

I'll attach a patch to this issue to resolve this.

  was:
I had a working WS-Policy which was encrypting the SOAP body with a 
UsernameToken using Basic128 encryption, then I modified the policy to use 
Basic256 encryption instead.  I got the following stack trace cause:
Caused by: org.apache.cxf.ws.policy.PolicyException: Cannot encrypt data
        at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:294)

Since the exception was short on detail, I went to the source code and found 
that AbstractBindingBuilder.java:294 was simply throwing away the rest of the 
Exception object.  There's a method existing already to take the exception too 
so I changed that line to call it and now get the following MUCH more useful 
error message on the end of the stack trace:
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Invalid AES key length: 20 bytes
Original Exception was java.security.InvalidKeyException: Invalid AES key length: 20 bytes

I'll attach a patch to this issue to resolve this.


> Policy exception handler throws away useful exception stack trace
> -----------------------------------------------------------------
>
>                 Key: CXF-5317
>                 URL: https://issues.apache.org/jira/browse/CXF-5317
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>    Affects Versions: 2.7.6, 2.7.7
>            Reporter: Jesse Pangburn
>              Labels: patch, ws-policy, ws-security
>         Attachments: AbstractBindingBuilder.patch
>
>
> I had a working WS-Policy which was encrypting the SOAP body with a 
> UsernameToken using Basic128 encryption, then I modified the policy to use 
> Basic256 encryption instead.  I got the following stack trace cause:
> Caused by: org.apache.cxf.ws.policy.PolicyException: Cannot encrypt data
>       at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:294)
> Since the exception was short on detail, I went to the source code and found 
> that AbstractBindingBuilder.java:294 was simply throwing away the rest of the 
> Exception object.  There's a method existing already to take the exception 
> too so I changed that line to call it and now get the following MUCH more 
> useful error message on the end of the stack trace:
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Invalid AES key length: 20 bytes
> Original Exception was java.security.InvalidKeyException: Invalid AES key length: 20 bytes
> I chose priority Major because without this, users will report the error 
> "cannot encrypt data", which will give developers very little to go on.  The 
> only way to find the real problem is to attach a debugger, which is not an 
> option for everybody.
> I'll attach a patch to this issue to resolve this.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
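
The failure mode described in the report, as an added example that is not part of the original message and is not CXF's code: a wrapper exception built without its cause hides the JCE error, while passing the cause through keeps "Invalid AES key length: 20 bytes" in the trace. The class CauseChainDemo, the exception PolicyFailure and the all-zero 20-byte key are hypothetical, constructed for illustration.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class CauseChainDemo {

    // Hypothetical stand-in for a policy-level exception; not the CXF class.
    static class PolicyFailure extends RuntimeException {
        PolicyFailure(String msg) { super(msg); }
        PolicyFailure(String msg, Throwable cause) { super(msg, cause); }
    }

    // Constructed input: a 20-byte key. AES accepts only 16, 24 or 32 bytes,
    // so Cipher.init rejects it with java.security.InvalidKeyException.
    static void encryptWith20ByteKey() throws GeneralSecurityException {
        SecretKeySpec key = new SecretKeySpec(new byte[20], "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
    }

    // Lossy handler: the original exception is dropped on the floor.
    static void lossy() {
        try {
            encryptWith20ByteKey();
        } catch (GeneralSecurityException e) {
            throw new PolicyFailure("Cannot encrypt data");
        }
    }

    // Chained handler: same message, but the cause travels with it.
    static void chained() {
        try {
            encryptWith20ByteKey();
        } catch (GeneralSecurityException e) {
            throw new PolicyFailure("Cannot encrypt data", e);
        }
    }

    // Render the cause chain roughly the way a stack trace prints it.
    static String describe(Throwable t) {
        StringBuilder sb = new StringBuilder();
        for (Throwable c = t; c != null; c = c.getCause()) {
            sb.append(c == t ? "" : "  Caused by: ").append(c).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        try { lossy(); } catch (PolicyFailure e) { System.out.print("lossy:   " + describe(e)); }
        try { chained(); } catch (PolicyFailure e) { System.out.print("chained: " + describe(e)); }
    }
}
```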