cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Configuring SwA to work with WS-Security in a CXF client
Date Tue, 11 Feb 2014 16:13:02 GMT
There are no CXF 2.7.x based solutions. The exception message seems to be
that you are using the RSA 1.5 key transport algorithm even though there is
no RSA 1.5 security policy in effect. What "AlgorithmSuite" policy are you
using? Is it a CXF client or some other stack? What does the failing
request look like?

Colm.


On Tue, Feb 11, 2014 at 4:08 PM, Wabi Sabi <wabisabi2004@gmail.com> wrote:

> Thank you very much, Colm for detailed and complete responses. I tried
> building client with CXF 3, but it seems to break even the calls that
> worked before. I now get:
>
> Caused by: *org.apache.wss4j.common.ext.WSSecurityException*: An error was
> discovered processing the <wsse:Security> header
>
> Thrown by org.apache.wss4j.dom.processor.EncryptedKeyProcessor:
>
>         if (WSConstants.KEYTRANSPORT_RSA15.equals(encryptedKeyTransportMethod)
>             && !data.isAllowRSA15KeyTransportAlgorithm()
>             && !algorithmSuite.getKeyWrapAlgorithms().contains(WSConstants.KEYTRANSPORT_RSA15)) {
>             log.debug(
>                 "The Key transport method does not match the requirement"
>             );
>             throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
>         }
>
>
> I would greatly appreciate any pointers for implementing a CXF 2.7-based
> solution for the decryption...
>
>
>
> On Mon, Feb 10, 2014 at 11:38 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>
> > Here is a blog article describing how to use this new functionality in
> > CXF...
> >
> > http://coheigea.blogspot.ie/2014/02/apache-wss4j-200-part-v.html
> >
> > Colm.
> >
> >
> > On Fri, Feb 7, 2014 at 3:27 PM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
> >
> > >
> > > Signing + encrypting/decrypting SOAP Attachments is not supported in CXF
> > > 2.7.x. However it is supported on CXF trunk at the moment, and will be
> > > included in the forthcoming CXF 3.0.0 release. Here are some tests if you
> > > are interested:
> > >
> > > http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Feb 7, 2014 at 3:19 PM, Wabi Sabi <wabisabi2004@gmail.com> wrote:
> > >
> > >> Hello,
> > >>
> > >> I wonder if CXF can be configured to decrypt attachments that come as a
> > >> web service response?
> > >>
> > >> I hoped that WSS4JInInterceptor will take care of this use case, but it
> > >> fails with "The signature or decryption was invalid" exception, which is
> > >> caused by "org.apache.xml.security.encryption.XMLEncryptionException:
> > >> Could not find a resolver for URI
> > >> cid:urn%3Auuid%@apache.org and Base null
> > >>
> > >> I managed to write a custom resolver to provide attachment data, but then
> > >> it fails with yet another exception:
> > >> org.apache.xml.security.encryption.XMLEncryptionException:
> > >> Unknown transformation. No handler installed for URI
> > >> http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
> > >>
> > >> Can somebody point me in the right direction, please? Any help is greatly
> > >> appreciated.
> > >>
> > >> Thanks in advance.
> > >>
> > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
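
A diagnostic for the questions raised in this thread, as an added example that is not part of the original messages or of CXF/WSS4J: it lists the key transport algorithm of each `xenc:EncryptedKey` in a captured SOAP message and applies the same three-part condition as the quoted `EncryptedKeyProcessor` check. The sample message, the function names and the default algorithm-suite contents (RSA-OAEP only) are assumptions.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
RSA15 = XENC + "rsa-1_5"            # URI behind WSConstants.KEYTRANSPORT_RSA15
RSA_OAEP = XENC + "rsa-oaep-mgf1p"  # assumed sole key-wrap algorithm in the suite

# Constructed sample: a trimmed SOAP request whose EncryptedKey uses RSA 1.5.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <wsse:Security xmlns:wsse="%s">
   <xenc:EncryptedKey xmlns:xenc="%s" Id="EK-1">
    <xenc:EncryptionMethod Algorithm="%s"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
   </xenc:EncryptedKey>
  </wsse:Security>
 </soap:Header>
 <soap:Body/>
</soap:Envelope>""" % (WSSE, XENC, RSA15)


def key_transport_algorithms(soap_xml):
    """Return [(EncryptedKey Id, Algorithm URI)] found under wsse:Security."""
    if "<!DOCTYPE" in soap_xml:  # SOAP forbids DTDs; refuse instead of expanding entities
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(soap_xml)
    found = []
    for sec in root.iter("{%s}Security" % WSSE):
        for ek in sec.iter("{%s}EncryptedKey" % XENC):
            method = ek.find("{%s}EncryptionMethod" % XENC)
            alg = method.get("Algorithm") if method is not None else None
            found.append((ek.get("Id"), alg))
    return found


def rejected_keys(soap_xml, allow_rsa15=False, suite_key_wrap=(RSA_OAEP,)):
    """Ids of EncryptedKeys that the quoted condition would reject."""
    return [ek_id for ek_id, alg in key_transport_algorithms(soap_xml)
            if alg == RSA15 and not allow_rsa15 and RSA15 not in suite_key_wrap]


if __name__ == "__main__":
    print(key_transport_algorithms(SAMPLE))
    print("rejected:", rejected_keys(SAMPLE))
```

Running it against the failing request shows whether the sender chose RSA 1.5 for key transport, which is the case the receiving side refuses unless the algorithm suite lists it or it is explicitly allowed.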
