What is the best way to deploy a JAR but keep the keys safe?
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Thanks - yes it actually goes with this but I have to be very patient.
For some reason it sits there trying to send the message for 10 minutes
before it actually gets to send anything.
It might be something to do with OCSP since I am using mutual TLS - unless
anyone here has other ideas?
Cheers
Even if I could work out which way to set the proxy, that would be good.
METHOD ONE:
https://stackoverflow.com/questions/31550064/apache-cxf-client-proxy-settings
Proxy is set with : http.getClient().setProxyServer("proxy");
I note the example code also has instantiated HelloPortType helloPort =
cliente.
Hmm, it's still not sending creds.
Looking at a few examples online I think I am missing something.
Anyone able to clarify what I am missing?
HTTPConduit http = (HTTPConduit) client.getConduit();
if (PROXY) {
HTTPClientPolicy policy = http.getClient();
pol
Hello,
After changing over to a new set of certificates (and a new testing endpoint)
code that was working is now generating:
javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code,
not set
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
Does anyone
Finally worked with:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:sales.test.au/schema/common", wsdlLocation =
"classpath:SalesService.wsdl")
public class SalesService
extends Service
{
private final static URL SalesSERVICE_WSDL_LOCATION;
private final static WebSer
Hi,
This is getting very frustrating trying to get the project to find relative
paths to the WSDL.
Environment: Java 7
Build Tool: gradle
IDE: IntelliJ
The WSDL file runs fine in the IDE with :
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:Sales.test.au/schema/common", wsdlLoc
This is what worked for me for the benefit of anyone else:
// LOGGING
LoggingOutInterceptor loi = new LoggingOutInterceptor();
loi.setPrettyLogging(true);
LoggingInInterceptor lii = new LoggingInInterceptor();
lii.setPrettyLogging(true);
org.apache.
I do actually get the message on the console, but it's all run together, no
new lines or indentation.
Is that what the pretty part would do if I had it going?
Hi,
This is the client created here :
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(irsiService);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Thanks.
Do you actually mean to instantiate it:
LoggingFeature logging = new LoggingFeature();
logging.setPrettyLogging(true);
The github example is a Server - I want to do it in a client and print to
log4j and console?
So after the above two lines how do I write to console requ
How do I enable pretty output of the XML to the console? All the examples on
StackOverflow seem to use a XML configuration file, but everything I am
doing is in code.
Can the crypto properties file use relative paths. Instead of:
org.apache.ws.security.crypto.merlin.truststore.file=C:\\Users\\Owner\\IdeaProjects\\project1\\src\\main\\resources\\truststore.jks
Something like:
org.apache.ws.security.crypto.merlin.truststore.file=src\\main\\resources\\truststore
This worked:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:sales.com.au/schema/common", wsdlLocation =
"file:src/main/resources/SalesService.wsdl")
public class SalesService
extends Service
{
I tried :
wsdlLocation = ("file:/Service.wsdl")
wsdlLocation = ("file:Service.wsdl")
wsdlLocation = ("/Service.wsdl")
wsdlLocation = ("Service.wsdl")
Always file not found?
Better than in plain text!!
On Fri, Feb 2, 2018 at 11:14 PM, Colm O hEigeartaigh
wrote:
> Well it can be, I think, but that's not buying you much security.
>
> Colm.
>
> On Fri, Feb 2, 2018 at 10:03 AM, Al Grant wrote:
>
> > So the crypto properties file c
So the crypto properties file can't be hidden in the jar file?
Similar to last post :
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"client_sign.properties");
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
"client_sign
Hello,
is there a way to get a relative path to the WSDL file? This code works:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:sales.com.au/schema/common", wsdlLocation =
"file:/H:/Desktop/cmd/importer/src/main/resources/SalesService.wsdl")
public class SalesService extends Servi
Actually just took a second look at your github Andy. More like this perhaps:
HTTPClientPolicy policy = http.getClient();
policy.setProxyServer("someproxy.enterprise.au");
policy.setProxyServerPort(8080);
http.getProxyAuthorization().setUserName("username");
Or like this? (I can't test it now as I have left the site with proxy):
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(iisrService);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
cxfEndpoint.getOutInterceptors()
Thanks.
So far I can't see how you set a username and password for a Proxy using
that method?
Hi All,
I am trying to get my https client to get out through our proxy.
I have configured the connection as outlined below but apparently no
credentials are being sent to our proxy so I must be doing something wrong:
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.Client
Ok I am now referencing the local copy of the https WSDL.
This is now the error:
DEBUG 2018-01-31 17:26:18,007 [Thread-2]
org.apache.cxf.common.logging.LogUtils - Using
org.apache.cxf.common.logging.Log4jLogger for logging.
DEBUG 2018-01-31 17:26:19,495 [Thread-2]
org.apache.cxf.resource.Def
I edited my post when you were posting.
But can you confirm that I will need the wsdl for the endpoint I am
connecting to, ie the SSL endpoint will be significantly different to the
non SSL?
Cheers
AG
So I can either save the WSDL or point my service to the copy which is not
protected with security.
I presume the wsdlLocation parameter that is passed in is either the file or
a location without security/http? And then further down:
url = new URL("https://sales.test.com.au/RSIService.svc?singleWs
I could try to download the WSDL. I assume I first need to configure Chrome
to trust and send the correct certificates before I can even save it?
I move it to after the:
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
But the error is similar:
DEBUG 2018-01-30 23:43:12,182 [Thread-2]
org.apache.cxf.common.logging.LogUtils - Using
org.apache.cxf.common.logging.Log4jLogger for logging.
DEBUG 2018-01-30 23:43:12,95
Here is the code that I have been using:
SetSaleRequest request = new SetSaleRequest();
SetSaleResponse response = new SetSaleResponse();
// CXF CLIENT FOR MUTUAL TLS
// Setup TLS client params
TLSClientParameters tlsParams = new TLSClientParameters();
Main errors are:
DEBUG 2018-01-30 22:38:04,635 [Thread-2]
org.apache.cxf.common.logging.LogUtils - Using
org.apache.cxf.common.logging.Log4jLogger for logging.
DEBUG 2018-01-30 22:38:05,419 [Thread-2]
org.apache.cxf.resource.DefaultResourceManager - resolving resource
type
DEBUG 2018-01-
That helped. Now the stack trace is :
javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking
https://sales.com.au/RSIService.svc?singleWsdl:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
So I changed the service to point to https endpoint by editing the
SaleService:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:test.sales.com/schema/common", wsdlLocation =
"https://sales.com.au/ISRService.svc?singleWsdl")
public class SalesService
extends Service
{
I ha
Ok - done. Now what?
So is that all that is needed to use mutual TLS?
I also need to update the endpoint details in the service stubs - I don't
think this can be done with wsimport with mutual tls?
Alrighty then. How about something like this:
// CXF CLIENT FOR MUTUAL TLS
// Setup TLS client params
TLSClientParameters tlsParams = new TLSClientParameters();
/* Get the JKS contents */
final char[] JKS_PASSWORD = "password".toCharArray();
final
Something like this look better? My IDE doesn't complain about anything
unresolved :
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(irsiService);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
cxfEndpoint.getOutI
I fear that getting Spring setup could be more pain than trying to complete
it the way I have done so far.
I have got to :
// Setup TLS client params
TLSClientParameters tlsParams = new TLSClientParameters();
X509TrustManager trustManager =new
X509TrustManager(validPrincip
But the links refer to X509 and you said not to use that. So I can't blindly
copy that code.
Ok.
I have followed on from the message signing with this code:
// APACHE CXF CLIENT SETUP - MESSAGE SIGNING
((BindingProvider)irsiservice).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"client_sign.properties");
((BindingProvider)irsiservi
Hi Colm,
For the mutual tls I have two certificates (the client one which is already
trusted by server) the server cert which I need to trust, and one private
key.
Do these get imported into the same trust stores and keystore as was used
for the message signing?
Do they need to be imported with
Hi,
I couldn't find anything else in that module that referred to KeyManager -
the closest I could find when I searched the GitHub was:
https://github.com/apache/cxf/blob/4142d44c4db7c9971829d15a4aa4b7056788e9e6/systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSClientTest.java
Ok, so at first glance it looks like I already have my client setup. The key
bits I am guessing are:
1. Import certs - it will be mutual TLS
2. I already have :
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(iisrService);
org.apache.cxf.end
Thanks. I looked at the link and see quite a few parameters but am not sure
what/where how to apply them?
Do I modify the instance of org.apache.cxf.endpoint.Client client in my
code?
Is there a working example I can be pointed to?
Thank you
It looks like the wrong cert was used to verify the response from the server
- now I have the correct cert (from the WSDL) the response is being verified
- thank you so much for your patience.
I now need to connect to essentially the same service but over https. I have
the address of the https end
I note from the log that it loads the truststore and the keystore, but only
appears to search the truststore for the server cert to verify the signing
on the response?
DEBUG 2018-01-20 00:12:59,141 [Thread-2]
org.apache.wss4j.common.util.Loader - Trying to find
[C:\Users\AlGrant\IdeaProjects\im
A search on the keyword cert on the debug log doesn't show up anything except
the message I posted earlier about the SKI key not being found.
I have imported the server certificate into truststore.jks
keytool -importcert -file CA-root.cer -alias CAcert -keystore truststore.jks
-storepass password
and added a reference to that file in my client_sign.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.c
If I comment out:
//((BindingProvider)irsiService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
//"client_sign.properties");
((BindingProvider)irsiService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
"client_sign.p
I think these are the signed parts:
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
ht
Yes the outgoing message is both signed and encrypted.
Thanks guys but I am still confused.
In my code:
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"client_sign.properties");
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
Thanks for your help. I will get the certificate tomorrow and then need to
connect using https - is there a guide somewhere on how to make what I have
so far use https (it will be a new WSDL).
Hi,
No I don't - I only have my private key and cert. I can get the server cert
soon.
I presume it needs to be imported into the java keystore - and then somehow
referenced from the code?
Ok - I looked here - http://cxf.apache.org/docs/debugging-and-logging.html .
I am in IntelliJ. I didn't see anything helpful?
Alrighty, progress
I get a response-code: 200 and I can see in the response the message goes
through.
Immediately after this response however I get the stack message:
--
Jan 19, 2018 1:47:11 AM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WA
I have read:
http://cxf.apache.org/docs/interceptors.html
It's not making a whole lot of sense in terms of the Logging Interceptors.
How do I add them to the chain?
Sorry no. How do I do that?
logging.properties
# Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.
# For example java -Djava.util.logging.config.file=myfile
I added:
LoggingOutInterceptor loi = new LoggingOutInterceptor();
LoggingInInterceptor lii = new LoggingInInterceptor();
response = isaleService.setSale(request);
But the output to console does not look any different? Also the Logging
interceptors are both flagged as depr
Hi,
Full trace is :
Jan 19, 2018 12:29:19 AM
org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
buildServiceFromWSDL
INFO: Creating Service {urn:sale.test.au/schema/common}SaleService from
WSDL: http://testsigningonly.com/SalesService.svc?singleWsdl
Jan 19, 2018 12:29:20 AM
org.apac
Sorry updated post above while you were posting. Latest stack Trace:
Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The
signature or decryption was invalid
Ok so I have :
((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"");
((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
"");
((BindingProvider)port).getRequestConte
Ok. Am I meant to be changing the values in the code you pasted?
Yes the WSDL does have security policies in it:-)
After fixing the cert/key issue I have changed my interceptor props from:
Map outProps = new HashMap<>();
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.TIMESTAMP + " " +
WSHandlerConstants.SIGNATURE + " " +
WSHandlerConst
The relevant (I think) code:
SetSaleRequest request = new SetSaleRequest();
SetSaleResponse response = new SetSaleResponse();
// SENDS DATA
request.setSale(Sale);
request.getPeople().add(person);
RSIService RSIService = new RSIService();
IRSI
Thanks. You were right the key was missing - which I have fixed, but still
not able to connect.
The current Stack Error is:
WARNING: Sign before encryption failed due to : Security configuration could
not be detected. Potential cause: Make sure jaxws:client element with name
attribute value match
I have tried this for my callbackhandler class, but still get an error:
public class ClientCallbackHandler implements CallbackHandler {
public void handle(Callback[] callbacks) {
for (Callback callback : callbacks) {
WSPasswordCallback pc = (WSPasswordCallback) callback;
Hello,
I am trying to develop a client to connect to a SOAP service. The messages
I need to send to the service have to be signed by a certificate. I have
imported the certificate into my keystore:
c:\Program Files\Java\jdk1.7.0_80>keytool -list -v -keystore
C:\Users\Owner\IdeaProjects\import\key
Hello,
I am pretty new to Web Services so no haters please.
I need to write a client to send data to a web service which I have done
using wsimport to generate the artifacts.
I now need to add security, namely message signing and using HTTPS.
Is CXF the right tool to add security to a client?
70 matches