cxf-users mailing list archives

From Stephen Langella <stephen.lange...@inventrio.com>
Subject WS SecurityPolicy
Date Tue, 18 Aug 2009 17:06:23 GMT
I am trying to configure my service to use WS-SecurityPolicy to
specify a transport binding policy for HTTPS. I created a
TransportBinding policy, added it to my WSDL, and bound it to an
endpoint policy subject. At first I configured the server (through the
WS-SecurityPolicy in the WSDL) not to require the client to provide a
certificate. This worked fine. Next I changed the server to require a
client certificate (<sp:HttpsToken RequireClientCertificate="true"/>).
To test this, I ran my client without providing a certificate, and the
call still worked. This suggests that either the WS-SecurityPolicy is
not being applied or CXF is not enforcing that a client certificate be
provided. Any ideas what I might be doing wrong?
My WSDL is below for reference. Thanks in advance.

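<?xml version="1.0" encoding="UTF-8"?>
<!--
  HelloWorld service contract: a single document/literal SayHello operation
  exposed over HTTPS, with a WS-SecurityPolicy (2005/07) TransportBinding
  policy attached to the binding.

  Every attribute value is kept on one line. A line break inside an attribute
  value is normalized to a space by the parser, and a namespace name with
  trailing whitespace is a different namespace from the intended one. For
  xmlns:wsu that would stop wsu:Id from being recognized, so the
  PolicyReference could not resolve; for xmlns:sp it would stop the sp:*
  assertions from being recognized as WS-SecurityPolicy assertions.
-->
<wsdl:definitions name="HelloWorld"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="http://www.cagrid.org/HelloWorld"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    targetNamespace="http://www.cagrid.org/HelloWorld">

    <!-- Request and response payloads are plain strings. -->
    <wsdl:types>
        <xsd:schema targetNamespace="http://www.cagrid.org/HelloWorld">
            <xsd:element name="SayHelloRequest" type="xsd:string" />
            <xsd:element name="SayHelloResponse" type="xsd:string" />
        </xsd:schema>
    </wsdl:types>

    <wsdl:message name="SayHelloRequest">
        <wsdl:part element="tns:SayHelloRequest" name="parameters" />
    </wsdl:message>
    <wsdl:message name="SayHelloResponse">
        <wsdl:part element="tns:SayHelloResponse" name="parameters" />
    </wsdl:message>

    <wsdl:portType name="HelloWorld">
        <wsdl:operation name="SayHello">
            <wsdl:input message="tns:SayHelloRequest" name="sayHelloRequest" />
            <wsdl:output message="tns:SayHelloResponse" name="sayHelloResponse" />
        </wsdl:operation>
    </wsdl:portType>

    <wsdl:binding name="HelloWorldBinding" type="tns:HelloWorld">
        <!--
          Attaches the transport policy defined at the end of this document to
          the binding, i.e. to the endpoint policy subject. The fragment must
          match the wsu:Id of the wsp:Policy element exactly.
        -->
        <wsp:PolicyReference URI="#HelloWorldSecureTransportPolicy" />
        <soap:binding style="document"
            transport="http://schemas.xmlsoap.org/soap/http" />
        <wsdl:operation name="SayHello">
            <soap:operation soapAction="" style="document" />
            <wsdl:input name="sayHelloRequest">
                <soap:body use="literal" />
            </wsdl:input>
            <wsdl:output name="sayHelloResponse">
                <soap:body use="literal" />
            </wsdl:output>
        </wsdl:operation>
    </wsdl:binding>

    <wsdl:service name="HelloWorldService">
        <wsdl:port name="HelloWorldPort" binding="tns:HelloWorldBinding">
            <!-- https scheme: the TransportBinding below assumes TLS on this endpoint. -->
            <soap:address location="https://llanowar:9001/HelloWorldService" />
        </wsdl:port>
    </wsdl:service>

    <!--
      Transport-level security policy. The sp prefix is declared once on the
      root element; the per-element redeclarations were redundant and are
      dropped so that a single namespace binding is in effect.
    -->
    <wsp:Policy wsu:Id="HelloWorldSecureTransportPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:TransportBinding>
                    <wsp:Policy>
                        <sp:TransportToken>
                            <wsp:Policy>
                                <!--
                                  Declares that the client must authenticate
                                  with a certificate during the TLS handshake.
                                  NOTE(review): this assertion only states the
                                  requirement. A certificate is requested from
                                  the client only when the HTTPS listener is
                                  itself configured for client authentication
                                  (in CXF: sec:clientAuthentication with
                                  want/required under httpj:tlsServerParameters).
                                  Also confirm that the WS-Policy and
                                  WS-Security modules are active on the server;
                                  if the policy is never loaded, a client
                                  without a certificate is accepted silently.
                                -->
                                <sp:HttpsToken RequireClientCertificate="true" />
                            </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic256 />
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Lax />
                            </wsp:Policy>
                        </sp:Layout>
                        <!-- Requires a timestamp in the message's security header. -->
                        <sp:IncludeTimestamp />
                    </wsp:Policy>
                </sp:TransportBinding>
                <sp:Wss10>
                    <wsp:Policy>
                        <sp:MustSupportRefKeyIdentifier />
                        <sp:MustSupportRefIssuerSerial />
                    </wsp:Policy>
                </sp:Wss10>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</wsdl:definitions>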


--Steve

Stephen Langella
Co-Founder
Inventrio, LLC
www.inventrio.com

Stephen.Langella@inventrio.com






