cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Few doubts about a ws-secuirty/sign_enc sample application in cxf
Date Thu, 21 Mar 2013 15:28:32 GMT
But not enough information to understand what these values mean how to
> properly use them.
>

"DirectReference" should work fine for Signatures. I wrote a blog entry
here explaining Key Identifiers + will port to WSS4J configuration pages in
due course:

http://coheigea.blogspot.ie/2013/03/signature-and-encryption-key.html

Colm.

On Thu, Mar 7, 2013 at 8:29 PM, cb9 <c_brown1999@hotmail.com> wrote:

> Hi,
>
> Sorry for long post.
>
> I have redeveloped sample application which comes with cxf which in
> ws-security/sign_enc.
>
> This application is about encrypting and signing.
>
> In original sample application, all interceptors are configured using Java
> code. For a change, I configured interceptors at client side using Java
> code
> and configured interceptors at server side using spring bean configuration.
>
> In this application Client signs following
>
> outProps.put("signatureParts",
>                          "{Element}{" + WSU_NS + "}Timestamp;"
>                          +
> "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"
>                          +
> "{}{http://www.w3.org/2005/08/addressing}ReplyTo;");
>
> Now if I configure ws-addressing using spring configuration like below
>
> <jaxws:features>
>             <wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing
> "
> />
> </jaxws:features>
>
> It works perfect.
>
> But if I configure ws-addressing using java code like one below
>
>  bus.getFeatures().add(new WSAddressingFeature());
>
> It gives me exception
>
> SEVERE:
> org.apache.ws.security.WSSecurityException: General security error
> (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
> http://www.w3.org/2005/08/addressing, ReplyTo)
>         at
>
> org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
>         at
>
> org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:409)
>         at
>
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:93)
>         at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
>         at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
>         at com.sun.proxy.$Proxy29.sayHello(Unknown Source)
>         at com.test.cxf9_client.Client.main(Client.java:108)
>
>
> I do not know why ws-addressing not getting properly inserted in SOAP
> header
> when I configure it using java code.
>
>
>
>
> I have one more question
>
> In the sample application I saw signatureKeyIdentifier is configured using
> DirectReference like the one below
>
>  inProps.put("signatureKeyIdentifier", "DirectReference")
>
> But when I configured it using DirectReference, it gave me an error.
>
> WSHandler: Signature: unknown key identification
>
> But when I changed it to IssuerSerial, it worked.
>
> I tried to understand what these values mean by reading this
> http://ws.apache.org/wss4j/config.html
>
> It says
>
>  The configuration values for setting the KeyIdentifiers for signature or
> encryption are shown below. See the Javadoc for SIG_KEY_ID and ENC_KEY_ID
> for more details:
> Value
> DirectReference
> IssuerSerial
> X509KeyIdentifier
> SKIKeyIdentifier
> EmbeddedKeyName
> Thumbprint
> EncryptedKeySHA1
>
>
> But not enough information to understand what these values mean how to
> properly use them.
>
> Thanks
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Few-doubts-about-a-ws-secuirty-sign-enc-sample-application-in-cxf-tp5724278.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message