From: Colm O hEigeartaigh
Reply-To: coheigea@apache.org
To: users@cxf.apache.org
Date: Thu, 21 Mar 2013 15:28:32 +0000
Subject: Re: Few doubts about a ws-secuirty/sign_enc sample application in cxf
In-Reply-To: <1362688176426-5724278.post@n5.nabble.com>

> But there is not enough information to understand what these values mean
> and how to properly use them.
>

"DirectReference" should work fine for Signatures. I wrote a blog entry here explaining Key Identifiers + will port to WSS4J configuration pages in due course:

http://coheigea.blogspot.ie/2013/03/signature-and-encryption-key.html

Colm.

On Thu, Mar 7, 2013 at 8:29 PM, cb9 wrote:

> Hi,
>
> Sorry for the long post.
>
> I have redeveloped the sample application which comes with CXF, which is in
> ws-security/sign_enc.
>
> This application is about encrypting and signing.
>
> In the original sample application, all interceptors are configured using Java
> code. For a change, I configured the interceptors at the client side using Java
> code and configured the interceptors at the server side using Spring bean
> configuration.
>
> In this application the client signs the following:
>
> outProps.put("signatureParts",
>     "{Element}{" + WSU_NS + "}Timestamp;"
>     + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"
>     + "{}{http://www.w3.org/2005/08/addressing}ReplyTo;");
>
> Now if I configure ws-addressing using Spring configuration like below
>
> />
>
> it works perfectly.
>
> But if I configure ws-addressing using Java code like the one below
>
> bus.getFeatures().add(new WSAddressingFeature());
>
> it gives me an exception:
>
> SEVERE:
> org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://www.w3.org/2005/08/addressing, ReplyTo)
>     at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
>     at org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:409)
>     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:93)
>     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
>     at com.sun.proxy.$Proxy29.sayHello(Unknown Source)
>     at com.test.cxf9_client.Client.main(Client.java:108)
>
> I do not know why ws-addressing is not getting properly inserted in the SOAP
> header when I configure it using Java code.
>
> I have one more question.
>
> In the sample application I saw signatureKeyIdentifier is configured using
> DirectReference like the one below
>
> inProps.put("signatureKeyIdentifier", "DirectReference");
>
> But when I configured it using DirectReference, it gave me an error.
>
> WSHandler: Signature: unknown key identification
>
> But when I changed it to IssuerSerial, it worked.
>
> I tried to understand what these values mean by reading this
> http://ws.apache.org/wss4j/config.html
>
> It says
>
> The configuration values for setting the KeyIdentifiers for signature or
> encryption are shown below. See the Javadoc for SIG_KEY_ID and ENC_KEY_ID
> for more details:
>
> Value
> DirectReference
> IssuerSerial
> X509KeyIdentifier
> SKIKeyIdentifier
> EmbeddedKeyName
> Thumbprint
> EncryptedKeySHA1
>
> But there is not enough information to understand what these values mean
> and how to properly use them.
>
> Thanks
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Few-doubts-about-a-ws-secuirty-sign-enc-sample-application-in-cxf-tp5724278.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
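A diagnostic sketch for the "Element to encrypt/sign not found" error quoted above, added here as an example that is not part of the thread and not CXF or WSS4J code: it parses a signatureParts string in the `{mode}{namespace}localName;` form shown in the post and reports which listed elements are absent from a message, approximating the lookup by namespace and local name. The class and method names are hypothetical, the WSU_NS value is an assumption about the constant in the post, and the envelope is constructed sample input.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class SignaturePartsCheck {
    // Assumed value of the WSU_NS constant used in the quoted post.
    static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** Returns the "{namespace}localName" entries that are absent from the envelope. */
    static List<String> missingParts(String signatureParts, Document envelope) {
        List<String> missing = new ArrayList<>();
        for (String part : signatureParts.split(";")) {
            part = part.trim();
            if (part.isEmpty()) continue;
            // Each entry has the form {mode}{namespace}localName; the mode may be empty.
            int modeEnd = part.indexOf('}');
            int nsStart = part.indexOf('{', modeEnd);
            int nsEnd = part.indexOf('}', nsStart);
            if (modeEnd < 0 || nsStart < 0 || nsEnd < 0) {
                throw new IllegalArgumentException("Malformed part: " + part);
            }
            String ns = part.substring(nsStart + 1, nsEnd);
            String local = part.substring(nsEnd + 1);
            if (envelope.getElementsByTagNameNS(ns, local).getLength() == 0) {
                missing.add("{" + ns + "}" + local);
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed envelope: Timestamp and Body are present, no WS-Addressing headers.
        String soap = "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\">"
            + "<s:Header><wsu:Timestamp xmlns:wsu=\"" + WSU_NS + "\"/></s:Header>"
            + "<s:Body/></s:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed for getElementsByTagNameNS
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(soap)));
        String parts = "{Element}{" + WSU_NS + "}Timestamp;"
            + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"
            + "{}{http://www.w3.org/2005/08/addressing}ReplyTo;";
        System.out.println("Not in message: " + missingParts(parts, doc));
    }
}
```

Running the same check against a logged outbound message shows whether the WS-Addressing headers were present at the point the signature was computed.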