cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Mazza <>
Subject Re: WS-Security policy not being enabled in CXF
Date Fri, 02 Mar 2012 12:18:27 GMT
2nd paragraph, from the top:


On 03/02/2012 04:19 AM, martin wrote:
> Hello again Glen
> I have control over the web service provider. I am running on a Tomcat
> server on a local machine.
> I tried to reload the keys again thinking I made an error last time (I only
> used one client and one server key this time, just to be sure), but I am
> still getting the exact same error.
> Lastly, you are saying that you put the entire example somewhere on your
> blog, but I can't seem to find it. I might just be blind, but I have looked
> over the blog entry a couple of times not but I just can't find it. Can you
> tell me where it is?
>> Do you have control over the web service provider, or it's external and
>> you're only building a client?
>> I provided the source code in that blog entry, you might wish to
>> download and at least confirm *that* works, then it's an issue of trying
>> to extrapolate why my client's OK but yours is having problems (of
>> course, the fact that you're using a different web service provider that
>> might have some peculiar requirements is probably going to be the source
>> of the problem.)  Using Wireshark
>> ( can also
>> help with your debugging a bit, by making it clearer where the error
>> messages are coming from.
>> It appears the "The signature or decryption was invalid" message came
> >from the web service provider, that might mean the service has the wrong
>> client public key in its truststore (when it tried to validate the
>> client's signature, it's comparing it with the wrong public key) or, if
>> you're using assymmetric (2-key) binding, your client has the wrong
>> public key of the service (The client encrypted the message with the
>> wrong public key and hence the decryption failure when the service tried
>> to decrypt it with its private key.)
>> Finally, one of the keys you mentioned below:
>> keytool -genkey -alias myclient2key -keyalg RSA -sigalg SHA1withRSA
> -keypass
>> ck2pass -storepass cs2pass -keystore client2Keystore.jks -dname
>> Is unnecessary, it was placed in the tutorial for educational purposes
> only.
>> HTH,
>> Glen
> --
> View this message in context:
> Sent from the cxf-user mailing list archive at

Glen Mazza
Talend Community Coders -

View raw message