cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From martin <>
Subject Re: WS-Security policy not being enabled in CXF
Date Fri, 02 Mar 2012 09:19:01 GMT
Hello again Glen

I have control over the web service provider. I am running on a Tomcat
server on a local machine.

I tried to reload the keys again thinking I made an error last time (I only
used one client and one server key this time, just to be sure), but I am
still getting the exact same error.

Lastly, you are saying that you put the entire example somewhere on your
blog, but I can't seem to find it. I might just be blind, but I have looked
over the blog entry a couple of times not but I just can't find it. Can you
tell me where it is?

>Do you have control over the web service provider, or it's external and
>you're only building a client?

>I provided the source code in that blog entry, you might wish to
>download and at least confirm *that* works, then it's an issue of trying
>to extrapolate why my client's OK but yours is having problems (of
>course, the fact that you're using a different web service provider that
>might have some peculiar requirements is probably going to be the source
>of the problem.)  Using Wireshark
>( can also
>help with your debugging a bit, by making it clearer where the error
>messages are coming from.

>It appears the "The signature or decryption was invalid" message came
>from the web service provider, that might mean the service has the wrong
>client public key in its truststore (when it tried to validate the
>client's signature, it's comparing it with the wrong public key) or, if
>you're using assymmetric (2-key) binding, your client has the wrong
>public key of the service (The client encrypted the message with the
>wrong public key and hence the decryption failure when the service tried
>to decrypt it with its private key.)

>Finally, one of the keys you mentioned below:

>keytool -genkey -alias myclient2key -keyalg RSA -sigalg SHA1withRSA
>ck2pass -storepass cs2pass -keystore client2Keystore.jks -dname

>Is unnecessary, it was placed in the tutorial for educational purposes


View this message in context:
Sent from the cxf-user mailing list archive at

View raw message