Return-Path: X-Original-To: apmail-cxf-users-archive@www.apache.org Delivered-To: apmail-cxf-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 877769BED for ; Fri, 2 Mar 2012 09:19:30 +0000 (UTC) Received: (qmail 15379 invoked by uid 500); 2 Mar 2012 09:19:29 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 15336 invoked by uid 500); 2 Mar 2012 09:19:29 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 15328 invoked by uid 99); 2 Mar 2012 09:19:29 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Mar 2012 09:19:29 +0000 X-ASF-Spam-Status: No, hits=2.0 required=5.0 tests=SPF_NEUTRAL,URI_HEX X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: 216.139.236.26 is neither permitted nor denied by domain of skumleren@gmail.com) Received: from [216.139.236.26] (HELO sam.nabble.com) (216.139.236.26) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Mar 2012 09:19:22 +0000 Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1S3Odh-00076y-Ho for users@cxf.apache.org; Fri, 02 Mar 2012 01:19:01 -0800 Date: Fri, 2 Mar 2012 01:19:01 -0800 (PST) From: martin To: users@cxf.apache.org Message-ID: <1330679941544-5530444.post@n5.nabble.com> In-Reply-To: <4F504C70.1040005@talend.com> References: <1964932.8taD8WMXXm@dilbert.dankulp.com> <1330368809126-5519791.post@n5.nabble.com> <4F4BD2AE.2010403@talend.com> <1330634806369-5529180.post@n5.nabble.com> <4F504C70.1040005@talend.com> Subject: Re: WS-Security policy not being enabled in CXF MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hello again Glen I have control over the web service provider. I am running on a Tomcat server on a local machine. I tried to reload the keys again thinking I made an error last time (I only used one client and one server key this time, just to be sure), but I am still getting the exact same error. Lastly, you are saying that you put the entire example somewhere on your blog, but I can't seem to find it. I might just be blind, but I have looked over the blog entry a couple of times not but I just can't find it. Can you tell me where it is? >Do you have control over the web service provider, or it's external and >you're only building a client? >I provided the source code in that blog entry, you might wish to >download and at least confirm *that* works, then it's an issue of trying >to extrapolate why my client's OK but yours is having problems (of >course, the fact that you're using a different web service provider that >might have some peculiar requirements is probably going to be the source >of the problem.) Using Wireshark >(http://www.jroller.com/gmazza/entry/soap_calls_over_wireshark) can also >help with your debugging a bit, by making it clearer where the error >messages are coming from. >It appears the "The signature or decryption was invalid" message came >from the web service provider, that might mean the service has the wrong >client public key in its truststore (when it tried to validate the >client's signature, it's comparing it with the wrong public key) or, if >you're using assymmetric (2-key) binding, your client has the wrong >public key of the service (The client encrypted the message with the >wrong public key and hence the decryption failure when the service tried >to decrypt it with its private key.) >Finally, one of the keys you mentioned below: >keytool -genkey -alias myclient2key -keyalg RSA -sigalg SHA1withRSA -keypass >ck2pass -storepass cs2pass -keystore client2Keystore.jks -dname >Is unnecessary, it was placed in the tutorial for educational purposes only. >HTH, >Glen -- View this message in context: http://cxf.547215.n5.nabble.com/WS-Security-policy-not-being-enabled-in-CXF-tp5512888p5530444.html Sent from the cxf-user mailing list archive at Nabble.com.