This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Apigee-Java-WsSec-Signature

Posted on 01-06-2025 05:30 AM
Mohamed_Mokhtar
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Mohamed_Mokhtar_0-1736169963848.png

I am currently using Apigee Edge to verify signatures using the code from the following repository:
https://github.com/DinoChiesa/Apigee-Java-WsSec-Signature-2.

However, the response I receive is "signature not verified." The same code works correctly on Apigee X with the same data, but it doesn't seem to work on Apigee Edge.

Could you assist me in understanding why this might be happening and how I can resolve it? @dchiesa1 

0 1 163
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

I can only guess as to what the problem might be. 

If I were you I would try these things:

- set the debug property on the callout to true - you may get a stack trace that way which may help you better understand what is failing. 

- if that does not work, explicitly provide all the dependencies as Java resources in your Apigee Edge environment. 

Regarding the latter, In some cases when I publish a Java callout, I assume the dependencies, like BouncyCastle or slf4j, are available in Apigee.  You can see that in the pom.xml file of that callout , which has this snip in the ant plugin used during the package phase: 

 

            <!-- exclude files we can count on. -->
            <exclude name="lib/slf4j-api-${slf4j.version}.jar"/>
            <exclude name="lib/bc*-jdk15on-*.jar"/>

 

In the case of this particular callout, the required jars are:

 

bcutil-jdk15on-1.70.jar
slf4j-api-1.7.14.jar
bcpkix-jdk15on-1.70.jar
bcprov-jdk15on-1.70.jar

 

Strictly speaking , excluding dependencies like this from the packaging phase is risky. Apigee doesn't make any guarantees that it supplies a set of  "common" or "popular" Java JARs  for use by callouts.  Apigee of course is built on Java and uses many JARs itself, and at least up until now, the JARs Apigee packages for itself could also be used by callouts. But there has been no guarantee. 

The Apigee documentation has always said that you must explicitly provide all dependencies for any JARs you use in JavaCallouts. It is possible that Apigee Edge is not "implicitly" providing one or more of those require JARs. 

If this is the problem , then the solution is one of these things: 

  • manually obtain the Bouncy castle jars and slf4j jars 
  • comment-out those two lines from the pom.xml file,  and rebuild the callout jar. This will assemble all the JARs necessary for this callout, and place them into the bundle/apiproxy/resources/java directory. 

...and THEN, you must  supply those jars as resources in your environment, or (probably less wise) as resources for this particular proxy. 

Top Solution Authors
View all