Can you attach a stack trace and/or logging information? I suspect the problem is in your callback implementations. Have you changed your ClientCallback implementation to account for encryption as well?
Colm.

-----Original Message-----
From: kasperih [mailto:[EMAIL PROTECTED]
Sent: 04 March 2008 11:29
To: [email protected]
Subject: RE: WS-Security - signature problems

Hi Colm

Thanks, that was definitely wrong, I fixed that but it still doesn't work.
I also changed it a bit so that it also tries to encrypt, but it doesn't
seem to get by the signature. If I remove the signature action and only
try the encrypt then that doesn't work either. I gave both the client and
the server the same alias, is that a problem? I have attached the altered
code again.

Here is part of my client.xml

<bean id="wss4jOut" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Timestamp Signature Encrypt" />
      <entry key="user" value="football-client" />
      <!-- <entry key="passwordType" value="PasswordDigest" />-->
      <entry key="passwordCallbackClass"
             value="football.demo.client.ClientPasswordCallback" />
      <entry key="signaturePropFile" value="client_sign.properties"/>
      <entry key="signatureKeyIdentifier" value="DirectReference"/>
      <entry key="signatureParts"
             value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
      <entry key="encryptionPropFile" value="server_sign.properties"/>
      <entry key="encryptionUser" value="football-client"/>
      <entry key="encryptionParts"
             value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
      <entry key="encryptionSymAlgorithm"
             value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    </map>
  </constructor-arg>
</bean>

and here is the matching server.xml

<bean id="wss4jIn" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Timestamp Signature Encrypt" />
      <!-- <entry key="passwordType" value="PasswordDigest" />-->
      <entry key="passwordCallbackClass"
             value="football.demo.server.ServerPasswordCallback" />
      <entry key="signaturePropFile" value="client_sign.properties"/>
      <entry key="decryptionPropFile" value="server_sign.properties"/>
    </map>
  </constructor-arg>
</bean>

Kasper

O hEigeartaigh, Colm wrote:
>
> Hi Kasper,
>
> Here's the problem - you generate your keys with:
>
> "-keypass keyStorePassword"
>
> Yet your ClientPasswordCallback.java has:
>
> "pc.setPassword("keyPassword");"
>
> Change the above to "pc.setPassword("keyStorePassword");" and it should
> work ok.
>
> Colm.
>
> -----Original Message-----
> From: kasperih [mailto:[EMAIL PROTECTED]
> Sent: 03 March 2008 19:54
> To: [email protected]
> Subject: RE: WS-Security - signature problems
>
> I have attached all the files that you asked for. It's the entire
> folder with all the relevant files.
>
> - keytool -genkey -alias football-client -keypass keyStorePassword
>   -keystore client-keystore.jks -storepass keyStorePassword -dname
>   "cn=football-client" -keyalg RSA
>
> - keytool -selfcert -alias football-client -keystore
>   client-keystore.jks -storepass keyStorePassword -keypass
>   keyStorePassword
>
> - keytool -export -alias football-client -file key.rsa -keystore
>   client-keystore.jks -storepass keyStorePassword
>
> - keytool -import -alias football-client -file key.rsa -keystore
>   server-keystore.jks -storepass keyStorePassword
>
> These are the commands I used in order to create the keys.
>
> Regards
> Kasper H
>
> O hEigeartaigh, Colm wrote:
>>
>> Can you attach the full code for your sample?
>>
>> Colm.
>>
>> -----Original Message-----
>> From: Kasper Hansen [mailto:[EMAIL PROTECTED]
>> Sent: 03 March 2008 13:30
>> To: [email protected]
>> Subject: WS-Security - signature problems
>>
>> I am rather new to using the cxf. I checked out from svn and had a
>> look at the samples in the distribution folder. I didn't find a sample
>> for the ws-security so I decided to make one myself.
>> I started with the UsernameToken and this worked fine, I added the
>> logging interceptor and I could see in the SOAP headers that
>> everything was working fine. But then I wanted to sign the message, I
>> followed the instructions at the cxf page to make the keystores but I
>> cannot get it to work. When I run my server and client, the server
>> runs fine and so does the client, but before I saw the messages in my
>> client windows that were sent but now it seems that nothing gets sent,
>> but there are no errors to see even though I turned logging on the log
>> ALL.
>>
>> Here is what I have in my server.xml file:
>>
>> <bean id="saajIn"
>>       class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>> <bean id="wss4jIn"
>>       class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>   <constructor-arg>
>>     <map>
>>       <entry key="action" value="UsernameToken Timestamp Signature" />
>>       <entry key="passwordType" value="PasswordDigest" />
>>       <entry key="passwordCallbackClass"
>>              value="football.demo.server.ServerPasswordCallback" />
>>       <entry key="signaturePropFile" value="server_sign.properties"/>
>>     </map>
>>   </constructor-arg>
>> </bean>
>>
>> <cxf:bus>
>>   <cxf:inInterceptors>
>>     <ref bean="saajIn"/>
>>     <ref bean="wss4jIn"/>
>>   </cxf:inInterceptors>
>>   <cxf:features>
>>     <cxf:logging/>
>>   </cxf:features>
>> </cxf:bus>
>> </beans>
>>
>> And in my client.xml file
>>
>> <bean id="saajOut"
>>       class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>> <bean id="wss4jOut"
>>       class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>   <constructor-arg>
>>     <map>
>>       <entry key="action" value="UsernameToken Timestamp Signature" />
>>       <entry key="user" value="football-client" />
>>       <entry key="passwordType" value="PasswordDigest" />
>>       <entry key="passwordCallbackClass"
>>              value="football.demo.client.ClientPasswordCallback" />
>>       <entry key="signaturePropFile" value="client_sign.properties"/>
>>     </map>
>>   </constructor-arg>
>> </bean>
>>
>> <cxf:bus>
>>   <cxf:outInterceptors>
>>     <ref bean="saajOut"/>
>>     <ref bean="wss4jOut"/>
>>   </cxf:outInterceptors>
>>   <cxf:features>
>>     <cxf:logging/>
>>   </cxf:features>
>> </cxf:bus>
>>
>> </beans>
>>
>> The request never reaches the server because it doesn't get sent, here
>> is the last output in the client command prompt:
>>
>> [java]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor org.apache.cxf.jaxws.handler.logical.LogicalHandlerOutIntercepto [EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor [EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor [EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInt [EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>> [java] FINE: WSDoAllSender: enter invoke()
>> [java] 03-03-2008 14:13:11 org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>> [java] FINE: Action: 35
>> [java] 03-03-2008 14:13:11 org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>> [java] FINE: Actor: null
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.WSSConfig loadProvider
>> [java] FINE: The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader getResource
>> [java] FINE: Trying to find [client_sign.properties] using [EMAIL PROTECTED] class loader.
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.components.crypto.CryptoFactory loadClass
>> [java] FINE: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader getResource
>> [java] FINE: Trying to find [client-keystore.jks] using [EMAIL PROTECTED] class loader.
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.handler.WSHandler doSenderAction
>> [java] FINE: Performing Action: 1
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecUsernameToken build
>> [java] FINE: Begin add username token...
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.handler.WSHandler doSenderAction
>> [java] FINE: Performing Action: 32
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecTimestamp build
>> [java] FINE: Begin add timestamp...
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.handler.WSHandler doSenderAction
>> [java] FINE: Performing Action: 2
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecSignature build
>> [java] FINE: Beginning signing...
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecSignature prepare
>> [java] FINE: automatic sig algo detection: RSA
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>> [java] FINE: Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>> [java] FINE: Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA <init>
>> [java] FINE: Created SignatureDSA using SHA1withRSA
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.utils.ElementProxy <init>
>> [java] FINE: setElement("ds:SignatureMethod", "null")
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>> [java] FINE: Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>> [java] FINE: Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA <init>
>> [java] FINE: Created SignatureDSA using SHA1withRSA
>>
>> BUILD SUCCESSFUL
>> Total time: 8 seconds
>>
>> I would have expected to see a message? Could anyone help me with this
>> problem?
>>
>> Regards
>> Kasper H
>>
>> ----------------------------
>> IONA Technologies PLC (registered in Ireland)
>> Registered Number: 171387
>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>
> http://www.nabble.com/file/p15812284/Football.zip Football.zip
> --
> View this message in context:
> http://www.nabble.com/WS-Security---signature-problems-tp15805470p15812284.html
> Sent from the cxf-user mailing list archive at Nabble.com.

http://www.nabble.com/file/p15825240/Football.zip Football.zip
--
View this message in context:
http://www.nabble.com/WS-Security---signature-problems-tp15805470p15825240.html
Sent from the cxf-user mailing list archive at Nabble.com.
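
Added example, not part of the thread and not CXF or WSS4J code: a JDK-only check of one keystore alias, covering the -keypass versus callback-password mismatch Colm points out and showing whether an alias holds a private key or only an imported certificate. The class name and result strings are assumptions; the keystore files, alias and passwords to pass in are the ones from the keytool commands in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

/** Added diagnostic (hypothetical class name): inspects one alias before WSS4J uses it. */
public class KeystoreAliasCheck {

    /** Reports what the alias can be used for with the given key password. */
    static String check(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "MISSING: no entry for this alias";
        }
        if (ks.isCertificateEntry(alias)) {
            // Entry made by "keytool -import": public certificate only, no private key.
            return "CERT_ONLY: usable to verify signatures or encrypt to the owner, "
                 + "not to sign or decrypt";
        }
        try {
            // Same lookup a signing or decrypting party needs: alias plus key password.
            Key key = ks.getKey(alias, keyPass);
            return "KEY_OK: " + key.getAlgorithm() + " key unlocked, usable to sign and decrypt";
        } catch (UnrecoverableKeyException e) {
            // The password supplied (what the callback would return) is not the -keypass value.
            return "KEY_LOCKED: key password does not match the one set with -keypass";
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println(
                "usage: KeystoreAliasCheck <keystore.jks> <storepass> <alias> <keypass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // A wrong store password fails here with an IOException, before any alias lookup.
            ks.load(in, args[1].toCharArray());
        }
        String result = check(ks, args[2], args[3].toCharArray());
        System.out.println(args[0] + " [" + args[2] + "] " + result);
    }
}
```

Run it once per keystore and alias, passing as the last argument the password the corresponding PasswordCallback sets.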
