cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Help with configuring web service to match security from WSDL
Date Fri, 03 Nov 2017 13:11:44 GMT
Do you have a test-case I can take a look at?

Colm.

On Fri, Nov 3, 2017 at 1:07 PM, Morein, Arnie <Arnold.Morein@dps.texas.gov>
wrote:

> Yes, in fact most of the CXF package is imported via Maven.
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Friday, November 03, 2017 8:03 AM
> To: Morein, Arnie
> Cc: users@cxf.apache.org
> Subject: Re: Help with configuring web service to match security from WSDL
>
> Have you got the cxf-rt-ws-policy on the classpath?
>
> Colm.
>
> On Fri, Nov 3, 2017 at 12:53 PM, Morein, Arnie <Arnold.Morein@dps.texas.gov>
> wrote:
>
> > That's what I was afraid of. I removed the registration of the
> > interceptors and now am getting:
> >
> > org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
> >
> > Both without and with the following properties added to the end point:
> >
> >         <jaxws:properties>
> >             <entry key="security.callback-handler.sct"
> >                 value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback" />
> >             <entry key="security.signature.properties.sct" value="cxf/crypto.properties" />
> >             <entry key="security.encryption.username.sct" value="dls-vls-mock-service-client-key" />
> >         </jaxws:properties>
> >
> > I must say, the documentation is very vague in places. I'm assuming
> > that "username" is the JKS alias of the key used to sign/etc. the
> > messages.
> >
> > So what have I left out now?
> >
> > What's more confusing is that the WAR containing the mock service is
> > running in the same VM on my machine as the client. I deploy the
> > service first (no errors) and then the client, then it attempts to
> > connect. The logging doesn't clearly indicate if the exception is
> > coming from the client or the server. Could that be the case?
> >
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> > Sent: Friday, November 03, 2017 3:17 AM
> > To: users@cxf.apache.org
> > Subject: Re: Help with configuring web service to match security from
> > WSDL
> >
> > Hi,
> >
> > You are mixing up the two different ways of configuring WS-Security in
> > CXF.
> > When there is a security policy available, then you don't manually
> > configure the WSS4JInInterceptor or WSS4JOutInterceptors. They are
> > used when there is no security policy and you have to manually tell
> > CXF what WS-Security actions to perform. Instead the configuration is
> > a lot simpler for the policy case.
> >
> > I'd suggest you look at the example test-case for
> > WS-SecureConversation in the CXF source:
> >
> > https://github.com/apache/cxf/blob/master/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java
> >
> > In particular, the service configuration is here:
> >
> > https://github.com/apache/cxf/blob/master/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server.xml
> >
> > Colm.
> >
> > On Fri, Nov 3, 2017 at 2:43 AM, Morein, Arnie <Arnold.Morein@dps.texas.gov>
> > wrote:
> >
> > > I have created a mock service based on a WSDL from a vendor that is
> > > already in use.
> > >
> > > One of the calls requires that the message be
> > > timestamped/signed/encrypted before transmission.
> > >
> > > The real service provider issued an X.509 certificate for our use. I
> > > have had our internal folks issue one like it with the same extensions.
> > >
> > > Everything is in place, but when the client app hits my mock
> > > service, it gets an error that is neither clear nor helpful:
> > >
> > > org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message ...
> > > Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header
> > >
> > > Digging into the CXF trace log, I barely managed to find these:
> > >
> > > 2017-11-02 19:49:52.018 DEBUG [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] WSS4JInInterceptor: enter handleMessage()
> > > 2017-11-02 19:49:54.037 WARN  [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] Security processing failed (actions mismatch)
> > >
> > > The messages are being generated by CXF (wsdl2java situation).
> > >
> > > The WSDL policy section is thus:
> > >
> > >     <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
> > >         <wsp:ExactlyOne>
> > >             <wsp:All>
> > >                 <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >                     <wsp:Policy>
> > >                         <sp:TransportToken>
> > >                             <wsp:Policy>
> > >                                 <sp:HttpsToken RequireClientCertificate="false" />
> > >                             </wsp:Policy>
> > >                         </sp:TransportToken>
> > >                         <sp:AlgorithmSuite>
> > >                             <wsp:Policy>
> > >                                 <sp:Basic256 />
> > >                             </wsp:Policy>
> > >                         </sp:AlgorithmSuite>
> > >                         <sp:Layout>
> > >                             <wsp:Policy>
> > >                                 <sp:Strict />
> > >                             </wsp:Policy>
> > >                         </sp:Layout>
> > >                         <sp:IncludeTimestamp />
> > >                     </wsp:Policy>
> > >                 </sp:TransportBinding>
> > >                 <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >                     <wsp:Policy>
> > >                         <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > >                             <wsp:Policy>
> > >                                 <sp:BootstrapPolicy>
> > >                                     <wsp:Policy>
> > >                                         <sp:SignedParts>
> > >                                             <sp:Body />
> > >                                             <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                             <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                             <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                             <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                             <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                             <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                             <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                         </sp:SignedParts>
> > >                                         <sp:EncryptedParts>
> > >                                             <sp:Body />
> > >                                         </sp:EncryptedParts>
> > >                                         <sp:TransportBinding>
> > >                                             <wsp:Policy>
> > >                                                 <sp:TransportToken>
> > >                                                     <wsp:Policy>
> > >                                                         <sp:HttpsToken RequireClientCertificate="false" />
> > >                                                     </wsp:Policy>
> > >                                                 </sp:TransportToken>
> > >                                                 <sp:AlgorithmSuite>
> > >                                                     <wsp:Policy>
> > >                                                         <sp:Basic256 />
> > >                                                     </wsp:Policy>
> > >                                                 </sp:AlgorithmSuite>
> > >                                                 <sp:Layout>
> > >                                                     <wsp:Policy>
> > >                                                         <sp:Strict />
> > >                                                     </wsp:Policy>
> > >                                                 </sp:Layout>
> > >                                                 <sp:IncludeTimestamp />
> > >                                             </wsp:Policy>
> > >                                         </sp:TransportBinding>
> > >                                         <sp:EndorsingSupportingTokens>
> > >                                             <wsp:Policy>
> > >                                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > >                                                     <wsp:Policy>
> > >                                                         <sp:RequireThumbprintReference />
> > >                                                         <sp:WssX509V3Token10 />
> > >                                                     </wsp:Policy>
> > >                                                 </sp:X509Token>
> > >                                                 <sp:SignedParts>
> > >                                                     <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                                                 </sp:SignedParts>
> > >                                             </wsp:Policy>
> > >                                         </sp:EndorsingSupportingTokens>
> > >                                         <sp:Wss11>
> > >                                             <wsp:Policy>
> > >                                                 <sp:MustSupportRefThumbprint />
> > >                                             </wsp:Policy>
> > >                                         </sp:Wss11>
> > >                                         <sp:Trust10>
> > >                                             <wsp:Policy>
> > >                                                 <sp:MustSupportIssuedTokens />
> > >                                                 <sp:RequireClientEntropy />
> > >                                                 <sp:RequireServerEntropy />
> > >                                             </wsp:Policy>
> > >                                         </sp:Trust10>
> > >                                     </wsp:Policy>
> > >                                 </sp:BootstrapPolicy>
> > >                             </wsp:Policy>
> > >                         </sp:SecureConversationToken>
> > >                     </wsp:Policy>
> > >                 </sp:EndorsingSupportingTokens>
> > >                 <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >                     <wsp:Policy />
> > >                 </sp:Wss11>
> > >                 <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >                     <wsp:Policy>
> > >                         <sp:MustSupportIssuedTokens />
> > >                         <sp:RequireClientEntropy />
> > >                         <sp:RequireServerEntropy />
> > >                     </wsp:Policy>
> > >                 </sp:Trust10>
> > >                 <wsaw:UsingAddressing />
> > >             </wsp:All>
> > >         </wsp:ExactlyOne>
> > >     </wsp:Policy>
> > >
> > > and a message being sent to my mock service looks like:
> > >
> > > ID: 1
> > > Address: https://localhost:8443/mock-vls-ws/services/mockAuthenticationService
> > > Encoding: UTF-8
> > > Http-Method: POST
> > > Content-Type: application/soap+xml; action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8
> > > Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive],
> > > content-type=[application/soap+xml; action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8],
> > > host=[localhost:8443], pragma=[no-cache], transfer-encoding=[chunked], user-agent=[Apache-CXF/3.1.10]}
> > > Payload:
> > > <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
> > >     <soap:Header>
> > >         <Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action>
> > >         <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:d4a37685-340a-41e3-9ad5-33d21601b2b2</MessageID>
> > >         <To xmlns="http://www.w3.org/2005/08/addressing"
> > >             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >             wsu:Id="_7f09a81a-706a-4d03-932e-c402c7af8d16">https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</To>
> > >         <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
> > >             <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> > >         </ReplyTo>
> > >         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > >             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >             soap:mustUnderstand="true">
> > >             <wsse:BinarySecurityToken
> > >                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> > >                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> > >                 wsu:Id="X509-fbd22553-2805-4f67-af0c-cd552b6c4ea1"
> > > >[base64-encoded X.509 certificate omitted]</wsse:BinarySecurityToken>
> > >             <wsu:Timestamp wsu:Id="TS-c1511394-ae6f-4a4c-b8c4-a97df1bbd782">
> > >                 <wsu:Created>2017-11-02T22:02:30.558Z</wsu:Created>
> > >                 <wsu:Expires>2017-11-02T22:07:30.558Z</wsu:Expires>
> > >             </wsu:Timestamp>
> > >             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-d17430ac-1be2-410d-b4ed-389fa2c71d9c">
> > >                 <ds:SignedInfo>
> > >                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >                         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap" />
> > >                     </ds:CanonicalizationMethod>
> > >                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> > >                     <ds:Reference URI="#TS-c1511394-ae6f-4a4c-b8c4-a97df1bbd782">
> > >                         <ds:Transforms>
> > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap" />
> > >                             </ds:Transform>
> > >                         </ds:Transforms>
> > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > >                         <ds:DigestValue>oUUE187y3bNvLUk0KvKAMQi5oS0=</ds:DigestValue>
> > >                     </ds:Reference>
> > >                     <ds:Reference URI="#_7f09a81a-706a-4d03-932e-c402c7af8d16">
> > >                         <ds:Transforms>
> > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap" />
> > >                             </ds:Transform>
> > >                         </ds:Transforms>
> > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > >                         <ds:DigestValue>J3b0s0Tc7Z9nwyg6ryeyXi5V7Wk=</ds:DigestValue>
> > >                     </ds:Reference>
> > >                 </ds:SignedInfo>
> > >                 <ds:SignatureValue>UED8ewbdSQUhh6k7Py+P+
> > > 5wveYhhM8xwpaBhn5IYKqqPSFzQSkFCG3q7oN/tOL3Oe33N2Xm+
> > > zPD26Qr7t7LGSEIXUU3ALxtnf8MtS3FRo9C6pxPPC6QuN0dYupPFZnQpYtNB
> > > L9i9HIRB9dqh9I7NAdz3OGBCjdB8j0scP9V830YSf5fy5Sq5uC2uNV4Ee9tE
> > > mPbY1yStH8htwPHeQEAFlQ0eNRCGrKL30af9waXGPXetMfuoQPMIbNssImie
> > > 5cz2O56DGs88bBLZZaLG8LdoouAti9v2DGmlL9A42iJjXs19jQy+HP+4zy/
> > > vteV/aRhk4t8Q+tJcbn3piy7+pFnuhQ==</ds:SignatureValue>
> > >                 <ds:KeyInfo Id="KI-2b2d8678-1047-4bbb-a9f6-33de176b569e">
> > >                     <wsse:SecurityTokenReference
> > >                         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > >                         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >                         wsu:Id="STR-2e70c6dd-87f9-449e-9659-e0853efef74f">
> > >                         <wsse:KeyIdentifier
> > >                             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> > >                             ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">y5plsGZ1ujCONeUMI+FuNgfF8LU=</wsse:KeyIdentifier>
> > >                     </wsse:SecurityTokenReference>
> > >                 </ds:KeyInfo>
> > >             </ds:Signature>
> > >         </wsse:Security>
> > >     </soap:Header>
> > >     <soap:Body>
> > >         <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
> > >             <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
> > >             <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy">
> > >                 <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
> > >                     <wsa:Address>https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</wsa:Address>
> > >                 </wsa:EndpointReference>
> > >             </wsp:AppliesTo>
> > >             <wst:Lifetime xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> > >                 <wsu:Created>2017-11-02T22:02:29.214Z</wsu:Created>
> > >                 <wsu:Expires>2017-11-02T22:07:29.214Z</wsu:Expires>
> > >             </wst:Lifetime>
> > >             <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
> > >             <wst:KeySize>256</wst:KeySize>
> > >             <wst:Entropy>
> > >                 <wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">0UEx1yrKYAbPt0/m6tuSeyjFvVV4bE1bvN97D9lT0bw=</wst:BinarySecret>
> > >             </wst:Entropy>
> > >             <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm>
> > >             <wst:Renewing />
> > >         </wst:RequestSecurityToken>
> > >     </soap:Body>
> > > </soap:Envelope>
> > >
> > >
> > > Here is my Spring Endpoint config:
> > >
> > >
> > >     <bean id="Aamva_Authentication_Request" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> > >         <constructor-arg>
> > >             <map>
> > >                 <entry key="action" value="Timestamp Signature" />
> > >                 <entry key="user" value="dls-vls-mock-service-client-key" />
> > >                 <entry key="passwordType" value="PasswordText" />
> > >                 <entry key="passwordCallbackClass"
> > >                     value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback" />
> > >                 <entry key="decryptionPropFile" value="cxf/cxf-crypto.properties" />
> > >                 <entry key="signaturePropFile" value="cxf/cxf-crypto.properties" />
> > >                 <entry key="signatureUser" value="dls-vls-mock-service-client-key" />
> > >                 <entry key="signatureKeyIdentifier" value="X509KeyIdentifier" />
> > >                 <entry key="signatureParts"
> > >                     value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
> > > <!--
> > >                 <entry key="encryptionPropFile" value="cxf/cxf-crypto.properties" />
> > >                 <entry key="encryptionParts"
> > >                     value="{Content}{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Body;" />
> > > -->
> > >             </map>
> > >         </constructor-arg>
> > >     </bean>
> > >
> > >     <bean id="Aamva_Authentication_Response" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> > >         <constructor-arg>
> > >             <map>
> > >                 <entry key="action" value="Timestamp Signature" />
> > >                 <entry key="user" value="dls-vls-mock-service-client-key" />
> > >                 <entry key="passwordType" value="PasswordText" />
> > >                 <entry key="passwordCallbackClass"
> > >                     value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback" />
> > >                 <entry key="signaturePropFile" value="cxf/cxf-crypto.properties" />
> > >                 <entry key="signatureKeyIdentifier" value="X509KeyIdentifier" />
> > >                 <entry key="signatureParts"
> > >                     value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
> > > <!--
> > >                 <entry key="encryptionPropFile" value="cxf/cxf-crypto.properties" />
> > >                 <entry key="encryptionParts"
> > >                     value="{Content}{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Body;" />
> > > -->
> > >             </map>
> > >         </constructor-arg>
> > >     </bean>
> > >
> > >     <jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
> > >         address="/mockAuthenticationService"
> > >         implementor="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServiceImpl">
> > >         <jaxws:binding>
> > >             <soap:soapBinding mtomEnabled="true" version="1.2" />
> > >         </jaxws:binding>
> > >
> > >         <jaxws:inInterceptors>
> > >             <ref bean="Aamva_Authentication_Request" />
> > >             <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> > >         </jaxws:inInterceptors>
> > >
> > >         <jaxws:outInterceptors>
> > >             <ref bean="Aamva_Authentication_Response" />
> > >             <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> > >         </jaxws:outInterceptors>
> > >
> > >     </jaxws:endpoint>
> > >
> > > Since adding the signatureParts entries, now I am getting:
> > >
> > > 2017-11-02 21:40:11.369 WARN  [org.apache.cxf.common.logging.LogUtils]
> > > Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService has thrown exception, unwinding now
> > > org.apache.cxf.interceptor.Fault: Message part {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken was not recognized.  (Does it exist in service WSDL?)
> > >
> > >
> > > I am out of my depth here. Can anyone suggest how to get the JAX-WS
> > > markup to match up with the WSDL policy?
> > >
> > > Thanks.
> > >



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

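The policy-driven endpoint definition that Colm's reply points to, written out here as an added illustration for the endpoint in this thread (it is not the poster's configuration and not a file from the CXF project). The `wsdlLocation` path, the port name `wsHttpEndPoint` (taken from the policy Id) and the service name `AuthenticationService` in the `http://aamva.org/authentication/3.1.0` namespace (taken from the log line) are assumptions about the vendor WSDL; the callback handler class, crypto properties file and key alias are the ones from the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the original poster's config or CXF project code.
     Assumptions: the vendor WSDL carrying wsHttpEndPoint_policy is on the
     classpath as wsdl/AuthenticationService.wsdl, its service element is
     {http://aamva.org/authentication/3.1.0}AuthenticationService and its
     port is named wsHttpEndPoint. cxf-rt-ws-policy, cxf-rt-ws-security and
     cxf-rt-ws-addr (for wsaw:UsingAddressing) must be on the classpath. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:soap="http://cxf.apache.org/bindings/soap"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
           http://cxf.apache.org/bindings/soap
           http://cxf.apache.org/schemas/configuration/soap.xsd">

    <!-- No WSS4JInInterceptor / WSS4JOutInterceptor beans. With wsdlLocation,
         serviceName and endpointName set, CXF reads the vendor WSDL, finds the
         wsp:Policy attached to the port and wires the WS-SecurityPolicy and
         WS-SecureConversation interceptors itself (including the handler for
         the RST/SCT bootstrap request logged above). Without these three
         attributes CXF generates a WSDL from the implementor class, which has
         no policy, so nothing claims the wsse:Security header and the
         MustUnderstand fault from the thread is raised. -->
    <jaxws:endpoint id="mockAuthenticationServiceEndpoint"
        xmlns:svc="http://aamva.org/authentication/3.1.0"
        address="/mockAuthenticationService"
        implementor="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServiceImpl"
        wsdlLocation="classpath:wsdl/AuthenticationService.wsdl"
        serviceName="svc:AuthenticationService"
        endpointName="svc:wsHttpEndPoint">

        <jaxws:binding>
            <soap:soapBinding mtomEnabled="true" version="1.2"/>
        </jaxws:binding>

        <jaxws:properties>
            <!-- Properties without a suffix apply to application messages
                 secured by the outer TransportBinding + SecureConversationToken. -->
            <entry key="security.callback-handler"
                   value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback"/>
            <entry key="security.signature.properties" value="cxf/crypto.properties"/>
            <entry key="security.encryption.properties" value="cxf/crypto.properties"/>
            <entry key="security.signature.username" value="dls-vls-mock-service-client-key"/>
            <entry key="security.encryption.username" value="dls-vls-mock-service-client-key"/>

            <!-- The same keys with a ".sct" suffix apply to the BootstrapPolicy
                 exchange that issues the SecurityContextToken; the server needs
                 the truststore from crypto.properties here to verify the client's
                 endorsing X509Token signature on the RST. -->
            <entry key="security.callback-handler.sct"
                   value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback"/>
            <entry key="security.signature.properties.sct" value="cxf/crypto.properties"/>
            <entry key="security.encryption.properties.sct" value="cxf/crypto.properties"/>
            <entry key="security.signature.username.sct" value="dls-vls-mock-service-client-key"/>
            <entry key="security.encryption.username.sct" value="dls-vls-mock-service-client-key"/>
        </jaxws:properties>
    </jaxws:endpoint>
</beans>
```

The `*.username` values name keystore aliases in `cxf/crypto.properties`, as the poster guessed; CXF also accepts the special value `useReqSigCert` for `security.encryption.username` to encrypt the response to whichever certificate signed the request.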