Apologies for the delay in responding to this,

anonymous wrote : That should also work, but using this you won't be able to send secured messages outbound.

At the moment I am only concerned with securing the client to server messages.

anonymous wrote : What encryption options did you use with the sun stack?

I am using the example from the JBossWS documentation. X.509 certificates.

anonymous wrote : Also, can you post a copy of the message the client is sending?

I am going to include the message without any security, then the message with signature, which works, and finally the message with encryption, which does not work.

Original message without any security

<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
  <env:Header/>
  <env:Body>
    <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'>
      <String_1>john</String_1>
    </ns1:hello>
  </env:Body>
</env:Envelope>

Message when signature is used

<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
  <env:Header>
    <wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
      <wsu:Timestamp wsu:Id='timestamp'>
        <wsu:Created>2006-11-04T12:34:51.546Z</wsu:Created>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-2-1162643691953-5313146'>
        MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
        Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
        LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
        amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
        MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
        bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
        bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
        N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
        1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
        8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
        qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
        JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
        T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
        St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
        EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
        VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
        hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
        M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
        hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
        Hb1iUP9iqcdN2w==
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
        <ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
          <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
          <ds:Reference URI='#element-1-1162643691578-16749745' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
            <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
              <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>x4eijpcBjBPlOeFy85O7ATVlBL0=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI='#timestamp' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
            <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
              <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>A4XlynInTQ1C6gnc+BSY27uEf0Q=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          S6K1pB4uNST52cUDEVucTYSC2534m5YgWp/E/lB4KdzYzlx9xa98V7wp+lAZlG1fN+mJn1UUkCiH
          NNwkfxYbJmiwE+a3kUiBZayuregcq2uGugVSyUJnFTga+QoVn6Zl50kccJpqmrU1jb4WN7VrOVgw
          Q2z/LB2KpvZx6vOKwEUsLoYHg7AS9LZsTQTdK7b3AJmvH+GAhb3iOQz4jRRjDD38N9CCTvRgXcwQ
          zMPujTaLk7INMHIrds+rDGO7p7sjk7dteRQX9PXMo0z7c+OAAywCfg7HWZWMnfAiusGti5Oess42
          BtUVRnx8mD99rf98O5y5wgZfJZb1nldKT5xVVA==
        </ds:SignatureValue>
        <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          <wsse:SecurityTokenReference wsu:Id='reference-3-1162643691953-9708927'>
            <wsse:Reference URI='#token-2-1162643691953-5313146' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </env:Header>
  <env:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-1-1162643691578-16749745'>
    <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'>
      <String_1>john</String_1>
    </ns1:hello>
  </env:Body>
</env:Envelope>

Message when encryption is used

<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
  <env:Header>
    <wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
      <wsu:Timestamp wsu:Id='timestamp'>
        <wsu:Created>2006-11-04T12:32:07.500Z</wsu:Created>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-2-1162643527953-19658898'>
        MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
        Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
        LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
        amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
        MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
        bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
        bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
        N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
        1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
        8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
        qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
        JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
        T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
        St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
        EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
        VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
        hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
        M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
        hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
        Hb1iUP9iqcdN2w==
      </wsse:BinarySecurityToken>
      <xenc:EncryptedKey xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
        <xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
        <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          <wsse:SecurityTokenReference wsu:Id='reference-6-1162643528796-29247351'>
            <wsse:Reference URI='#token-2-1162643527953-19658898' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
          <xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
            K8nIvL9BkXrik4+lOwNrueanacrp8cC/WwV3PW8ch4T3ilvEP4GGoMgrzddZvwgOW8AiUHD6BVOd
            Mui723FZYSatEim0/hpTdRBd2rKtSiEy1bbXZEJeGDo1MMyJaY73zaJcDVCNLn34x2MvTDCdgOw1
            +oN2XxjCa49/7jmqMWPZcgIBofr+JKxtcob25TDxHr+NARNl24Khap3yEp3CxC48fZXwtN/fNWaG
            jE1pgAz4UD5/0oe8lsUgeDPolQ/3JvZYmT0kVDf1ldK3B6oAzoOIy+8AnEc9D4Ohp6XlFZA+MPwV
            QktRYaABzTdq8r5Nk7a7lnOgDEOYaC8Z5WJz2g==
          </xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
          <xenc:DataReference URI='#encrypted-5-1162643528328-14137305' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
        <ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
          <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
          <ds:Reference URI='#element-1-1162643527531-8703610' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
            <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
              <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>f3PVDTNNDozFWI59ANWwaG4SK3E=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI='#timestamp' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
            <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
              <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
            <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>ueejBXsOigMMxCc43KcWHUmfhlM=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          r27Gy2CfU86hwFL+P9tNZ+gzj5cmJ0zdIcV/jqAx9FVloJZRoFcwXLI3+JlbsdXaDOoR04gBrbyc
          WJI9Enx2zlMuo1mnIUvFJ6wQ5x4ak6uFsj5C56+uQUB7nEXEDDPejKhbOwiDHooz6KCdh+gTGKkU
          StvXiR3ZDsc9SqaQ3uj3xdmlhNCe4KxSAX2DOGcZfT1CWIVYyq4Rt+oMnmhN6kJMQLQbTwOrxhXc
          qMzLN750UgKoN27Dd/KtUpnKkagl3zzqHmvGqIiLjQ/ED4PC7aS+2Ymp8DdBx/Ya9zlIpEjN03mA
          5PXxoyVNxYtydWYU0Rq0cE7AqM61HNUGjN69Wg==
        </ds:SignatureValue>
        <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          <wsse:SecurityTokenReference wsu:Id='reference-3-1162643527953-30167145'>
            <wsse:Reference URI='#token-2-1162643527953-19658898' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </env:Header>
  <env:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-1-1162643527531-8703610'>
    <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-4-1162643528328-17689439'>
      <xenc:EncryptedData Id='encrypted-5-1162643528328-14137305' Type='http://www.w3.org/2001/04/xmlenc#Content' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
        <xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
        <xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
          <xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
            l0waYKIwD4YR5UcXV0QpS3O4NTYaI5fYQBYDWao7GnlwAs4oddUc3/y+qIk0k1yo1ukRIhtIfStH
            bfs5XXP/ABpRu7L2pV2FgT28gBcRyDLiCbUcIQwkrQMXpXwS9SoTCh7uCTFlYdNmB681YgrzNqv9
            pTOluti2/ZimKAdcR7sCNTVRDvNKFOpFgddjrwzg4lqYXst1ITTjEl8oH7IDsKkU/gWT4urLJeNg
            5tStMTHQXkvHTCREQITFJN0+W4Wp/1BJm3kGrYabpwEBTXOhvWijJdGQMlIEeXbjtiXarGoXTFbM
            KaBg1br02RadiR6s
          </xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
    </ns1:hello>
  </env:Body>
</env:Envelope>

Apologies for how verbose the messages are. The error I am getting in return to the last message is

[java] Contacting webservice at http://whitehaven:8088/hello-ejb/HelloBean?wsdl
[java] hello.hello(john)
[java] - Call invocation failed with SOAPFaultException
[java] javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
[java] at org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
[java] at org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:486)
[java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:702)
[java] Exception in thread "main" java.rmi.RemoteException: Call invocation failed with code [Client] because of: javax.xml.rpc.JAXRPCException:Cannot find child element: String_1; nested exception is:
[java] javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
[java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:713)
[java] at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:404)
[java] at helloClient.Client.main(Client.java:50)
[java] Caused by: javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
[java] at org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
[java] at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:404)
[java] at helloClient.Client.main(Client.java:50)
[java] at org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:486)
[java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:702)

Any ideas? Doesn't make any sense that signatures work and encryption won't.

Thanks,
Brian.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983211#3983211
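
An added example, not part of the original post and not JBossWS code: in the encrypted request above, ns1:hello holds an xenc:EncryptedData of Type Content where String_1 was. The Python below resolves each xenc:DataReference in the security header to its EncryptedData and lists the child elements a receiver sees before decryption; the sample envelope is constructed, with a shortened Id and the cipher values left out.

```python
import xml.etree.ElementTree as ET

ENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"env": ENV, "wsse": WSSE, "xenc": XENC}

# Constructed sample mirroring the post's encrypted request (short Id, no ciphertext).
SAMPLE = f"""<env:Envelope xmlns:env='{ENV}' xmlns:wsse='{WSSE}'
 xmlns:xenc='{XENC}'><env:Header><wsse:Security><xenc:EncryptedKey>
 <xenc:EncryptionMethod Algorithm='{XENC}rsa-1_5'/>
 <xenc:ReferenceList><xenc:DataReference URI='#encrypted-5'/></xenc:ReferenceList>
 </xenc:EncryptedKey></wsse:Security></env:Header>
 <env:Body><ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'>
 <xenc:EncryptedData Id='encrypted-5' Type='{XENC}Content'>
 <xenc:EncryptionMethod Algorithm='{XENC}aes128-cbc'/>
 </xenc:EncryptedData></ns1:hello></env:Body></env:Envelope>"""

def local(name):
    """Last component of a '{namespace}tag' name or a 'uri#fragment' identifier."""
    return name.replace("}", "#").rsplit("#", 1)[-1]

def resolve_data_references(envelope_xml):
    """Pair each DataReference in the security header with its EncryptedData."""
    root = ET.fromstring(envelope_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    by_id = {e.get("Id"): e for e in root.iter(f"{{{XENC}}}EncryptedData")}
    report = []
    for key in root.iterfind("env:Header/wsse:Security/xenc:EncryptedKey", NS):
        key_alg = key.find("xenc:EncryptionMethod", NS).get("Algorithm")
        for ref in key.iterfind("xenc:ReferenceList/xenc:DataReference", NS):
            uri = ref.get("URI", "")
            data = by_id.get(uri.lstrip("#"))
            if data is None:  # dangling reference: nothing to decrypt
                report.append({"uri": uri, "resolved": False})
                continue
            data_alg = data.find("xenc:EncryptionMethod", NS).get("Algorithm")
            report.append({"uri": uri, "resolved": True,
                           "scope": local(data.get("Type", "")),
                           "inside": local(parent_of[data].tag),
                           "key_alg": local(key_alg), "data_alg": local(data_alg)})
    return report

def visible_parameters(envelope_xml):
    """Child element names of the operation element before any decryption."""
    operation = ET.fromstring(envelope_xml).find("env:Body", NS)[0]
    return [local(child.tag) for child in operation]

print(resolve_data_references(SAMPLE), visible_parameters(SAMPLE))
```
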
