cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF client to .NET web service attempting to create BinarySecurityToken (BST)
Date Fri, 12 Apr 2013 10:00:44 GMT
There is no really easy way to do this. The WS-SecurityPolicy approach will
only work with the TransportBinding, which is only applicable if the
endpoint is secured using TLS. The non-TLS bindings (Symmetric +
Asymmetric) will not work without signing/encrypting the request.

Probably the best approach is to write your own code to put the Timestamp +
BinarySecurityToken in the security header using WSS4J's internal
functionality. For example, here are some tests that manually add both a
Timestamp + BinarySecurityToken to the security header of a request:

http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/TimestampTest.java?view=markup
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java?view=markup

Colm.


On Thu, Apr 11, 2013 at 11:00 PM, Rubicon <rneuendorff@gmail.com> wrote:

> I just need to create the security header with a Timestamp and the BST,
> without signing or encrypting...  I found this topic ( x 509 security token
> <http://cxf.547215.n5.nabble.com/x-509-security-token-td5150380.html>  )
> that seems to be more in the direction I need, so I have started chasing
> it...
>
> But now I am hitting an assertion: *HttpsToken could not be asserted: Not
> an HTTPs connection*
>
> The URL of the web service I am connecting to is HTTP://, not HTTPS://,
> but I cannot seem to change HttpsToken to HttpToken, even if I include
> older ws-security schemas that did have HttpToken.
>
> Am I on the right track?  How can I get past this?  Here is my policy:
>
>   <wsdl:binding name="{method}Soap" type="tns:{method}Soap">
>     <wsp:PolicyReference URI="#{method}SupportingTokenPolicy" />
>    ....
>   </wsdl:binding>
> ....
>   <wsp:Policy wsu:Id="{method}SupportingTokenPolicy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:TransportBinding>
>         <wsp:Policy>
>           <sp:TransportToken>
>             <wsp:Policy>
>               <sp:HttpsToken>
>                 <wsp:Policy/>
>               </sp:HttpsToken>
>             </wsp:Policy>
>           </sp:TransportToken>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Lax />
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:IncludeTimestamp />
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic128 />
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>         </wsp:Policy>
>         </sp:TransportBinding>
>         <sp:SupportingTokens>
>         <wsp:Policy>
>           <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
>               <sp:WssX509V3Token10 />
>             </wsp:Policy>
>           </sp:X509Token>
>         </wsp:Policy>
>         </sp:SupportingTokens>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
>
> Thanks again for everyone's help.
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-to-NET-web-service-attempting-to-create-BinarySecurityToken-BST-tp5726168p5726189.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
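
The manual approach described in the reply above, as an added example that is not part of the original message or of the linked WSS4J tests: it places an unsigned Timestamp and an X.509 BinarySecurityToken in the security header. It assumes WSS4J 1.6.x on the classpath (the branch the linked tests belong to); the class name, the constructed SOAP envelope and the certificate path passed as the first argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.StringReader;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class UnsignedBstHeader {   // hypothetical class name
    // Constructed sample SOAP 1.1 request, not taken from the thread
    static final String SOAP =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
      + "<soapenv:Header/><soapenv:Body><ping xmlns=\"urn:example\"/></soapenv:Body>"
      + "</soapenv:Envelope>";

    static Document addTimestampAndBst(Document doc, X509Certificate cert) throws Exception {
        // Create the wsse:Security element inside the SOAP header
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        // BinarySecurityToken carrying the DER-encoded certificate (X509v3 value type)
        X509Security bst = new X509Security(doc);
        bst.setX509Certificate(cert);
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
        // wsu:Timestamp with Created/Expires, valid for 300 seconds; nothing here signs it
        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(300);
        return timestamp.build(doc, secHeader);
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // WSS4J needs namespace-aware DOM
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(SOAP)));
        try (InputStream in = new FileInputStream(args[0])) {   // assumed: path to a PEM or DER certificate
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            Document secured = addTimestampAndBst(doc, cert);
            TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(secured), new StreamResult(System.out));
        }
    }
}
```

With no signature referencing it, the BinarySecurityToken only conveys the certificate and does not prove that the sender holds the matching private key; over plain HTTP both header elements can be read and altered in transit.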
