cxf-users mailing list archives

From Ted Roeloffzen <ted.roeloff...@gmail.com>
Subject ws security
Date Thu, 23 May 2013 09:34:21 GMT
Hello all,

I'm having a little difficulty setting up my client-webservice with the
correct settings.
This is the main part of the WSDL that I have to comply with.

<wsp:Policy wsu:Id="">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:InitiatorToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference/>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:InitiatorToken>
                        <sp:RecipientToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference/>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:RecipientToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic256Sha256Rsa15/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Lax/>
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                        <sp:OnlySignEntireHeadersAndBody/>
                    </wsp:Policy>
                </sp:AsymmetricBinding>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
    <wsp:Policy wsu:Id="">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <sp:Body/>
                </sp:SignedParts>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

I have deleted the IDs, for the sake of our client.

The problem is that I'm unable to set up the correct token inclusion and so
on.
I can't seem to figure out which parameters have to be set with CXF.
Since we don't use Spring, I have to configure everything through the API.


This is what I have so far.

Map<String, Object> outProps = new HashMap<String, Object>();
// Actions for the outgoing message: timestamp and signature
outProps.put(WSHandlerConstants.ACTION,
    WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE);
// Signature algorithm: RSA with SHA-256
outProps.put(WSHandlerConstants.SIG_ALGO,
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
// Digest algorithm: SHA-256
outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO,
    "http://www.w3.org/2001/04/xmlenc#sha256");

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
client.getOutInterceptors().add(wssOut);

And I'm adding a custom Interceptor that does this in the handleMessage at
the Pre_logical phase:

X509Certificate[] certificates = {holder.getCertificate()};
CertificateStore store = new CertificateStore(certificates);

message.put(SecurityConstants.SIGNATURE_CRYPTO, store);

Can one of you point me in the right direction?

kind regards,

Ted
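
To list what the policy quoted in the message above asks of a client, this added example (not part of the original message and not CXF code) parses a condensed, constructed copy of it and reports the token inclusion modes, reference requirements, algorithm suite, layout and signed parts. The wsp namespace URI and the wrapper root element are assumptions, because the posted fragment does not show them.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"  # namespace used on the page
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"         # assumed: not shown in the post

# Constructed sample: the posted policy, condensed, inside an added wrapper root.
SAMPLE = f"""<root xmlns:wsp="{WSP}" xmlns:sp="{SP}">
<wsp:Policy><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding><wsp:Policy>
 <sp:InitiatorToken><wsp:Policy>
  <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"><wsp:Policy>
   <sp:RequireThumbprintReference/><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token>
 </wsp:Policy></sp:InitiatorToken>
 <sp:RecipientToken><wsp:Policy>
  <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToInitiator"><wsp:Policy>
   <sp:RequireThumbprintReference/><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token>
 </wsp:Policy></sp:RecipientToken>
 <sp:AlgorithmSuite><wsp:Policy><sp:Basic256Sha256Rsa15/></wsp:Policy></sp:AlgorithmSuite>
 <sp:Layout><wsp:Policy><sp:Lax/></wsp:Policy></sp:Layout>
 <sp:IncludeTimestamp/><sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy></sp:AsymmetricBinding></wsp:All></wsp:ExactlyOne></wsp:Policy>
<wsp:Policy><wsp:ExactlyOne><wsp:All>
 <sp:SignedParts><sp:Body/></sp:SignedParts>
</wsp:All></wsp:ExactlyOne></wsp:Policy></root>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def nested(elem):
    """Assertions inside elem's nested Policy wrapper, whatever its namespace."""
    return [a for p in elem if local(p.tag) == "Policy" for a in p]

def summarize(xml_text):
    """Return the requirements stated by an sp:AsymmetricBinding policy."""
    root = ET.fromstring(xml_text)
    binding = root.find(f".//{{{SP}}}AsymmetricBinding")
    if binding is None:
        raise ValueError("no sp:AsymmetricBinding in policy")
    top = nested(binding)
    out = {"flags": [local(a.tag) for a in top if len(a) == 0]}
    for a in top:
        name = local(a.tag)
        tok = a.find(f".//{{{SP}}}X509Token")
        if name in ("InitiatorToken", "RecipientToken") and tok is not None:
            # strip() tolerates attribute values wrapped by e-mail line breaks
            mode = tok.get(f"{{{SP}}}IncludeToken", "").strip().rsplit("/", 1)[-1]
            out[name] = {"include": mode, "requires": [local(r.tag) for r in nested(tok)]}
        elif name in ("AlgorithmSuite", "Layout"):
            out[name] = next((local(r.tag) for r in nested(a)), None)
    out["signed_parts"] = [local(p.tag) for p in root.findall(f".//{{{SP}}}SignedParts/*")]
    return out
```

Calling `summarize()` on the policy text taken from the WSDL gives a checklist to compare against the settings placed on the outgoing interceptor.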
