Unfortunately not, as my problem is different from the one described:

My encryption/decryption works fine across multiple machines, and normal SOAP requests are encrypted and decrypted correctly on both ends! It is only the fault messages that pose a problem: the server does NOT encrypt/sign fault messages (it DOES, however, encrypt the regular messages). Fault messages alone are sent by the server without any security headers whatsoever...


Quoting Prabath Siriwardena <[EMAIL PROTECTED]>:

Hi Mark;

You may find the answer here[1].

Thanks & regards.
-Prabath
[1]:http://wso2.org/forum/thread/4340#comment-7247

Maik Hassel wrote:
Hello everyone,

I have a web service using the security policy below (signed and
encrypted message body), which works fine, except that my fault messages
do not get encrypted. I get the "missing security header" exception at
the client - using TCPMon I can see that the fault message is indeed
sent in plain text, without any security-related information.

Am I missing something? Do I have to add additional configuration
parameters for the signing and encryption of fault messages?


Thanks for any hints,
Maik

---- snip ---

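<!--
  Axis2 services.xml for the SearchServices service, with the Rampart module
  engaged and a WS-SecurityPolicy policy attached at service level.
  Values shown as "...." were redacted by the original poster.

  The ";" that the mail archive appended after quoted URLs has been removed;
  with it the attributes were not well-formed XML.
-->
<serviceGroup>
    <service name="SearchServices">
        <messageReceivers>
            <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
                             class="ca.bc.xyz.SearchServicesMessageReceiverInOut"/>
        </messageReceivers>
        <parameter name="ServiceClass"
                   locked="false">ca.bc.xyz.SearchServiceImplementation</parameter>
        <!--
        <parameter name="useOriginalwsdl">true</parameter>
        <parameter name="modifyUserWSDLPortAddress">true</parameter>
        -->
        <operation name="SSearch" mep="http://www.w3.org/ns/wsdl/in-out"
                   namespace="....">
            <actionMapping>SyncSearch</actionMapping>
            <outputActionMapping>....</outputActionMapping>
            <faultActionMapping faultName="DPSearchFault">...</faultActionMapping>
            <faultActionMapping faultName="XYZFault">urn:....</faultActionMapping>
        </operation>

        <!-- Engages Rampart for this service. NOTE(review): faults leaving the
             server with no wsse:Security header mean the policy below is not
             being applied on the fault path; confirm how the deployed Rampart
             version handles the out-fault flow. Until that is resolved, fault
             detail travels in clear text, so keep exception text and stack
             traces out of the fault body. -->
        <module ref="rampart"/>

        <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    wsu:Id="mypolicy">
            <!-- Asymmetric binding: each side signs with its own X.509 key and
                 encrypts to the other side's certificate.
                 NOTE(review): no sp:IncludeTimestamp is present in this binding,
                 so a captured signed request carries nothing that limits its
                 lifetime; consider adding one to bound replay. -->
            <sp:AsymmetricBinding>
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <!-- The client's certificate is included in every
                                 message it sends to the service. -->
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <!-- The service's certificate is never sent; it is
                                 only referenced, so the client must already
                                 hold it. -->
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <!-- NOTE(review): TripleDesRsa15 selects 3DES content
                                 encryption with RSA PKCS#1 v1.5 key transport;
                                 both are legacy choices. v1.5 key transport is
                                 exposed to padding-oracle attacks when error
                                 responses distinguish decryption failures, and
                                 unsecured faults make that distinction visible
                                 on the wire. Prefer an AES / RSA-OAEP suite such
                                 as sp:Basic256 once client and server can be
                                 changed together. -->
                            <sp:TripleDesRsa15/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                </wsp:Policy>
            </sp:AsymmetricBinding>

            <sp:Wss10>
                <wsp:Policy>
                    <sp:MustSupportRefEmbeddedToken/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>

            <!-- Only the SOAP Body is signed and encrypted; headers (for
                 example addressing headers) are not covered. A SOAP fault is
                 carried inside the Body, so these assertions do not exclude
                 faults by themselves. -->
            <sp:SignedParts>
                <sp:Body/>
            </sp:SignedParts>

            <sp:EncryptedParts>
                <sp:Body/>
            </sp:EncryptedParts>

            <RampartConfig xmlns="http://ws.apache.org/rampart/policy">
                <!-- Keystore alias used for signing outgoing messages. -->
                <user>s1</user>
                <!-- Encrypt the response to the certificate that signed the
                     request, instead of a fixed alias. -->
                <encryptionUser>useReqSigCert</encryptionUser>
                <passwordCallbackClass>ca.....webservice.server.search.PasswordCallbackHandler</passwordCallbackClass>

                <!-- The same keystore.ks is used for signing and for encryption.
                     The keystore password sits in this file in clear text
                     (redacted as "...." here): restrict read access to the
                     deployed services.xml / service archive accordingly. -->
                <signatureCrypto>
                    <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
                        <property name="org.apache.ws.security.crypto.merlin.file">keystore.ks</property>
                        <property name="org.apache.ws.security.crypto.merlin.keystore.password">....</property>
                    </crypto>
                </signatureCrypto>

                <encryptionCrypto>
                    <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
                        <property name="org.apache.ws.security.crypto.merlin.file">keystore.ks</property>
                        <property name="org.apache.ws.security.crypto.merlin.keystore.password">....</property>
                    </crypto>
                </encryptionCrypto>
            </RampartConfig>

        </wsp:Policy>

    </service>
</serviceGroup>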













--
Simply Efficient - IT Services, Consulting, Training Inc.
"We Keep Our Promises"
Vancouver, BC
Phone: +1 604.315.8446
Fax  : +1 604.731.1147
http://www.simplyefficient.ca

