Problem with secure connections via https
You are right! I do it right now. I have a problem with secure connections via https, I tried JaxWsServerFactoryBean/JaxWsProxyFactoryBean and ServerFactoryBean/ClientProxyFactoryBean result the same - service publishing succeeded, but client methods call fails. I got different exceptions depends on my configuration. Current my sample for instance used Interceptor action - WSHandlerConstants.USERNAME_TOKEN and failed with following exception: (application provided null or empty password) Next to the exception you can see my client configuration code, with password and user name supplied. ('configClientInterceptors' method) and my client creation code ('TestJaxWsProxyFactoryBean' method) I haven't any working sample to start with to use https. Can somebody help me please. Regards, Luba. org.apache.cxf.binding.soap.SoapFault: Security processing failed. at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:184) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:43) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:220) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68) at $Proxy15.sayHi(Unknown Source) at cxf_client.TestClient.TestClientProxyFactoryBean(TestClient.java:557) at cxf_client.TestClient.main(TestClient.java:104) Caused by: org.apache.ws.security.WSSecurityException: WSHandler: application provided null or empty password at org.apache.ws.security.handler.WSHandler.getPassword(WSHandler.java:638) at org.apache.ws.security.action.UsernameTokenAction.execute(UsernameTokenA ction.java:31) at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:1 92) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:169) ... 9 more Hit uncaught exception org.apache.cxf.binding.soap.SoapFault private void configClientInterceptors(Client client) { String name = myname; String password = mypassword; String passwordKey = password; String actions = WSHandlerConstants.USERNAME_TOKEN; //in WSS4JInInterceptor wsIn = new WSS4JInInterceptor(); wsIn.setProperty(WSHandlerConstants.ACTION, actions); wsIn.setProperty(WSHandlerConstants.USER, name); wsIn.setProperty(passwordKey, password); client.getInInterceptors().add(wsIn); client.getInInterceptors().add(new SAAJInInterceptor()); //out WSS4JOutInterceptor wsOut = new WSS4JOutInterceptor(); wsOut.setProperty(WSHandlerConstants.ACTION, actions); wsOut.setProperty(WSHandlerConstants.USER, name); wsOut.setProperty(passwordKey, password); client.getOutInterceptors().add(wsOut); client.getOutInterceptors().add(new SAAJOutInterceptor()); } public void TestJaxWsProxyFactoryBean() { JaxWsProxyFactoryBean proxyFac = new JaxWsProxyFactoryBean(); Client client; proxyFac.setServiceClass(HelloWorld.class); proxyFac.setAddress(ADDRESS + /HelloWorld); HelloWorld echo = (HelloWorld) proxyFac.create(); client = ClientProxy.getClient(echo); HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = new TLSClientParameters(); tlsParams.setSecureSocketProtocol(SSL); httpConduit.setTlsClientParameters(tlsParams); HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); httpClientPolicy.setConnectionTimeout(36000); httpClientPolicy.setAllowChunking(false); httpConduit.getClient().setAutoRedirect(true); httpConduit.setClient(httpClientPolicy); configClientInterceptors(client); echo.sayHi(Luba); } -Original Message- From: Benson Margulies [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2008 6:55 PM To: cxf-user@incubator.apache.org Subject: Re: Problem deserializing pojos (fields not initialized) Why don't you send in a new email message with a new subject line that describes exactly what you did and what didn't work. This thread was about the very specific question of the new configuration system for Aegis. On Wed, Apr 2, 2008 at 10:33 AM, Alpin, Luba [EMAIL PROTECTED] wrote: I need use secure SOAP. I succeeded with publish my services on https://localhost:8080/ServiceName; But client methods call fails. Thanks for your time. Regards, Luba. -Original Message- From: Benson Margulies [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2008 5:27 PM To: cxf-user@incubator.apache.org Subject: Re: Problem
Re: Problem with secure connections via https
I'm not very useful, personally, on https, hopefully Glen or someone will wade in now that you've given us a full picture. On Thu, Apr 3, 2008 at 5:52 AM, Alpin, Luba [EMAIL PROTECTED] wrote: You are right! I do it right now. I have a problem with secure connections via https, I tried JaxWsServerFactoryBean/JaxWsProxyFactoryBean and ServerFactoryBean/ClientProxyFactoryBean result the same - service publishing succeeded, but client methods call fails. I got different exceptions depends on my configuration. Current my sample for instance used Interceptor action - WSHandlerConstants.USERNAME_TOKEN and failed with following exception: (application provided null or empty password) Next to the exception you can see my client configuration code, with password and user name supplied. ('configClientInterceptors' method) and my client creation code ('TestJaxWsProxyFactoryBean' method) I haven't any working sample to start with to use https. Can somebody help me please. Regards, Luba. org.apache.cxf.binding.soap.SoapFault: Security processing failed. at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:184) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:43) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:220) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68) at $Proxy15.sayHi(Unknown Source) at cxf_client.TestClient.TestClientProxyFactoryBean(TestClient.java:557) at cxf_client.TestClient.main(TestClient.java:104) Caused by: org.apache.ws.security.WSSecurityException: WSHandler: application provided null or empty password at org.apache.ws.security.handler.WSHandler.getPassword(WSHandler.java:638) at org.apache.ws.security.action.UsernameTokenAction.execute(UsernameTokenA ction.java:31) at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:1 92) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:169) ... 9 more Hit uncaught exception org.apache.cxf.binding.soap.SoapFault private void configClientInterceptors(Client client) { String name = myname; String password = mypassword; String passwordKey = password; String actions = WSHandlerConstants.USERNAME_TOKEN; //in WSS4JInInterceptor wsIn = new WSS4JInInterceptor(); wsIn.setProperty(WSHandlerConstants.ACTION, actions); wsIn.setProperty(WSHandlerConstants.USER, name); wsIn.setProperty(passwordKey, password); client.getInInterceptors().add(wsIn); client.getInInterceptors().add(new SAAJInInterceptor()); //out WSS4JOutInterceptor wsOut = new WSS4JOutInterceptor(); wsOut.setProperty(WSHandlerConstants.ACTION, actions); wsOut.setProperty(WSHandlerConstants.USER, name); wsOut.setProperty(passwordKey, password); client.getOutInterceptors().add(wsOut); client.getOutInterceptors().add(new SAAJOutInterceptor()); } public void TestJaxWsProxyFactoryBean() { JaxWsProxyFactoryBean proxyFac = new JaxWsProxyFactoryBean(); Client client; proxyFac.setServiceClass(HelloWorld.class); proxyFac.setAddress(ADDRESS + /HelloWorld); HelloWorld echo = (HelloWorld) proxyFac.create(); client = ClientProxy.getClient(echo); HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = new TLSClientParameters(); tlsParams.setSecureSocketProtocol(SSL); httpConduit.setTlsClientParameters(tlsParams); HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); httpClientPolicy.setConnectionTimeout(36000); httpClientPolicy.setAllowChunking(false); httpConduit.getClient().setAutoRedirect(true); httpConduit.setClient(httpClientPolicy); configClientInterceptors(client); echo.sayHi(Luba); } -Original Message- From: Benson Margulies [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2008 6:55 PM To: cxf-user@incubator.apache.org Subject: Re: Problem deserializing pojos (fields not initialized) Why don't you send in a new email message with a new subject line that describes exactly what you did and what didn't work. This thread was about the very specific question of the new configuration system for Aegis. On Wed, Apr 2, 2008 at 10:33 AM, Alpin, Luba [EMAIL PROTECTED] wrote: I need use secure SOAP. I succeeded with publish my services on https://localhost:8080/ServiceName; But client methods call
Re: Problem with secure connections via https
I only know the wsdl2java way of doing this, and Luba in past has not desired to go this route. As I've said earlier, I don't think SSL with the simple front end is a robust design that should be taught to users. [1] shows how to create a wsdl2java-based web service client with a cxf.xml file (whose contents are not relevant for SSL); the example at the top of [2] gives a CXF.xml file that can be used at the client (Although just looking at it, I don't think that cxf.xml is correct because nowhere is it declaring SSL to be the protocol. If no one else does, I'll take a look at it. Per Olsen's blog entry referenced at the top of [2] gives a better example of a starter cxf.xml configuration file for SSL.) Glen [1] http://www.jroller.com/gmazza/date/20070817 [2] http://cwiki.apache.org/CXF20DOC/client-http-transport-including-ssl-support.html Am Donnerstag, den 03.04.2008, 07:35 -0400 schrieb Benson Margulies: I'm not very useful, personally, on https, hopefully Glen or someone will wade in now that you've given us a full picture. On Thu, Apr 3, 2008 at 5:52 AM, Alpin, Luba [EMAIL PROTECTED] wrote: You are right! I do it right now. I have a problem with secure connections via https, I tried JaxWsServerFactoryBean/JaxWsProxyFactoryBean and ServerFactoryBean/ClientProxyFactoryBean result the same - service publishing succeeded, but client methods call fails. I got different exceptions depends on my configuration. Current my sample for instance used Interceptor action - WSHandlerConstants.USERNAME_TOKEN and failed with following exception: (application provided null or empty password) Next to the exception you can see my client configuration code, with password and user name supplied. ('configClientInterceptors' method) and my client creation code ('TestJaxWsProxyFactoryBean' method) I haven't any working sample to start with to use https. Can somebody help me please. Regards, Luba. org.apache.cxf.binding.soap.SoapFault: Security processing failed. at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:184) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:43) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:220) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68) at $Proxy15.sayHi(Unknown Source) at cxf_client.TestClient.TestClientProxyFactoryBean(TestClient.java:557) at cxf_client.TestClient.main(TestClient.java:104) Caused by: org.apache.ws.security.WSSecurityException: WSHandler: application provided null or empty password at org.apache.ws.security.handler.WSHandler.getPassword(WSHandler.java:638) at org.apache.ws.security.action.UsernameTokenAction.execute(UsernameTokenA ction.java:31) at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:1 92) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:169) ... 9 more Hit uncaught exception org.apache.cxf.binding.soap.SoapFault private void configClientInterceptors(Client client) { String name = myname; String password = mypassword; String passwordKey = password; String actions = WSHandlerConstants.USERNAME_TOKEN; //in WSS4JInInterceptor wsIn = new WSS4JInInterceptor(); wsIn.setProperty(WSHandlerConstants.ACTION, actions); wsIn.setProperty(WSHandlerConstants.USER, name); wsIn.setProperty(passwordKey, password); client.getInInterceptors().add(wsIn); client.getInInterceptors().add(new SAAJInInterceptor()); //out WSS4JOutInterceptor wsOut = new WSS4JOutInterceptor(); wsOut.setProperty(WSHandlerConstants.ACTION, actions); wsOut.setProperty(WSHandlerConstants.USER, name); wsOut.setProperty(passwordKey, password); client.getOutInterceptors().add(wsOut); client.getOutInterceptors().add(new SAAJOutInterceptor()); } public void TestJaxWsProxyFactoryBean() { JaxWsProxyFactoryBean proxyFac = new JaxWsProxyFactoryBean(); Client client; proxyFac.setServiceClass(HelloWorld.class); proxyFac.setAddress(ADDRESS + /HelloWorld); HelloWorld echo = (HelloWorld) proxyFac.create(); client = ClientProxy.getClient(echo); HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = new TLSClientParameters(); tlsParams.setSecureSocketProtocol(SSL
RE: Problem with secure connections via https
The reason that I selected frontend is: I don't start from the zero point, I have 64 services with hundreds methods and I didn't use *.wsdl files creation with other frameworks that I used in past (GLUE(WebMethods) and XFire), so start create 64 wsdls contains hundreds operations description looks me crazy. CXF (at least frontends) spend much more memory for publishing and so hard for SSL configuration - that is my first impression. I would like it will be by my mistake. Regards, Luba. -Original Message- From: Glen Mazza [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2008 3:13 PM To: cxf-user@incubator.apache.org Subject: Re: Problem with secure connections via https I only know the wsdl2java way of doing this, and Luba in past has not desired to go this route. As I've said earlier, I don't think SSL with the simple front end is a robust design that should be taught to users. [1] shows how to create a wsdl2java-based web service client with a cxf.xml file (whose contents are not relevant for SSL); the example at the top of [2] gives a CXF.xml file that can be used at the client (Although just looking at it, I don't think that cxf.xml is correct because nowhere is it declaring SSL to be the protocol. If no one else does, I'll take a look at it. Per Olsen's blog entry referenced at the top of [2] gives a better example of a starter cxf.xml configuration file for SSL.) Glen [1] http://www.jroller.com/gmazza/date/20070817 [2] http://cwiki.apache.org/CXF20DOC/client-http-transport-including-ssl-sup port.html Am Donnerstag, den 03.04.2008, 07:35 -0400 schrieb Benson Margulies: I'm not very useful, personally, on https, hopefully Glen or someone will wade in now that you've given us a full picture. On Thu, Apr 3, 2008 at 5:52 AM, Alpin, Luba [EMAIL PROTECTED] wrote: You are right! I do it right now. I have a problem with secure connections via https, I tried JaxWsServerFactoryBean/JaxWsProxyFactoryBean and ServerFactoryBean/ClientProxyFactoryBean result the same - service publishing succeeded, but client methods call fails. I got different exceptions depends on my configuration. Current my sample for instance used Interceptor action - WSHandlerConstants.USERNAME_TOKEN and failed with following exception: (application provided null or empty password) Next to the exception you can see my client configuration code, with password and user name supplied. ('configClientInterceptors' method) and my client creation code ('TestJaxWsProxyFactoryBean' method) I haven't any working sample to start with to use https. Can somebody help me please. Regards, Luba. org.apache.cxf.binding.soap.SoapFault: Security processing failed. at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:184) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:43) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:220) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68) at $Proxy15.sayHi(Unknown Source) at cxf_client.TestClient.TestClientProxyFactoryBean(TestClient.java:557) at cxf_client.TestClient.main(TestClient.java:104) Caused by: org.apache.ws.security.WSSecurityException: WSHandler: application provided null or empty password at org.apache.ws.security.handler.WSHandler.getPassword(WSHandler.java:638) at org.apache.ws.security.action.UsernameTokenAction.execute(UsernameTokenA ction.java:31) at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:1 92) at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4J OutInterceptor.java:169) ... 9 more Hit uncaught exception org.apache.cxf.binding.soap.SoapFault private void configClientInterceptors(Client client) { String name = myname; String password = mypassword; String passwordKey = password; String actions = WSHandlerConstants.USERNAME_TOKEN; //in WSS4JInInterceptor wsIn = new WSS4JInInterceptor(); wsIn.setProperty(WSHandlerConstants.ACTION, actions); wsIn.setProperty(WSHandlerConstants.USER, name); wsIn.setProperty(passwordKey, password); client.getInInterceptors().add(wsIn); client.getInInterceptors().add(new SAAJInInterceptor()); //out WSS4JOutInterceptor wsOut = new WSS4JOutInterceptor(); wsOut.setProperty(WSHandlerConstants.ACTION, actions); wsOut.setProperty(WSHandlerConstants.USER, name); wsOut.setProperty(passwordKey, password