Hello,
I am pretty new to Web Services so no haters please.
I need to write a client to send data to a web service which I have done
using wsimport to generate the artifacts.
I now need to add security, namely message signing and using HTTPS.
Is CXF the right tool to add security to a client?
Hello,
I am trying to develop a client to connect to a SOAP service. The messages
I need to send to the service have to be signed by a certificate. I have
imported the certificate into my keystore:
c:\Program Files\Java\jdk1.7.0_80>keytool -list -v -keystore
C:\Users\Owner\IdeaProjects\import\key
I have tried this for my callbackhandler class, but still get an error:
public class ClientCallbackHandler implements CallbackHandler {
public void handle(Callback[] callbacks) {
for (Callback callback : callbacks) {
WSPasswordCallback pc = (WSPasswordCallback) callback;
Thanks. You were right the key was missing - which I have fixed, but still
not able to connect.
The current Stack Error is:
WARNING: Sign before encryption failed due to : Security configuration could
not be detected. Potential cause: Make sure jaxws:client element with name
attribute value match
The relevant (I think) code:
SetSaleRequest request = new SetSaleRequest();
SetSaleResponse response = new SetSaleResponse();
// SENDS DATA
request.setSale(Sale);
request.getPeople().add(person);
RSIService RSIService = new RSIService();
IRSI
After fixing the cert/key issue I have changed my interceptor props from:
Map outProps = new HashMap<>();
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.TIMESTAMP + " " +
WSHandlerConstants.SIGNATURE + " " +
WSHandlerConst
Yes the WSDL does have security policies in it:-)
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Ok. Am I meant to be changing the values in the code you pasted?
Ok so I have :
((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"");
((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
"");
((BindingProvider)port).getRequestConte
Sorry updated post above while you were posting. Latest stack Trace:
Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The
signature or decryption was invalid
Hi,
Full trace is :
Jan 19, 2018 12:29:19 AM
org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
buildServiceFromWSDL
INFO: Creating Service {urn:sale.test.au/schema/common}SaleService from
WSDL: http://testsigningonly.com/SalesService.svc?singleWsdl
Jan 19, 2018 12:29:20 AM
org.apac
I added:
LoggingOutInterceptor loi = new LoggingOutInterceptor();
LoggingInInterceptor lii = new LoggingInInterceptor();
response = isaleService.setSale(request);
But the output to console does not look any different? Also the Logging
interceptors are both flagged as depr
logging.properties
# Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.
# For example java -Djava.util.logging.config.file=myfile
Sorry no. How do I do that?
I have read:
http://cxf.apache.org/docs/interceptors.html
It's not making a whole lot of sense in terms of the Logging Interceptors.
How do I add them to the chain?
Alrighty, progress
I get a response-code: 200 and I can see in the response the message goes
through.
Immediately after this response however I get the stack message:
--
Jan 19, 2018 1:47:11 AM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WA
Ok - I looked here - http://cxf.apache.org/docs/debugging-and-logging.html .
I am in IntelliJ. I didn't see anything helpful?
Hi,
No I don't - I only have my private key and cert. I can get the server cert
soon.
I presume it needs to be imported into the java keystore - and then somehow
referenced from the code?
Thanks for your help. I will get the certificate tomorrow and then need to
connect using https - is there a guide somewhere on how to make what I have
so far use https (it will be a new WSDL).
Thanks guys but I am still confused.
In my code:
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"client_sign.properties");
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
Yes the outgoing message is both signed and encrypted.
I think these are the signed parts:
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
http://www.w3.org/2005/08/addressing"/>
ht
If I comment out:
//((BindingProvider)irsiService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
//"client_sign.properties");
((BindingProvider)irsiService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
"client_sign.p
I have imported the server certificate into truststore.jks
keytool -importcert -file CA-root.cer -alias CAcert -keystore truststore.jks
-storepass password
and added a reference to that file in my client_sign.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.c
A search on the keyword cert on the debug log doesn't show up anything except
the message I posted earlier about the SKI key not being found.
I note from the log that it loads the truststore and the keystore, but only
appears to search the truststore for the server cert to verify the signing
on the response?
DEBUG 2018-01-20 00:12:59,141 [Thread-2]
org.apache.wss4j.common.util.Loader - Trying to find
[C:\Users\AlGrant\IdeaProjects\im
It looks like the wrong cert was used to verify the response from the server
- now I have the correct cert (from the WSDL) the response is being verified
- thank you so much for your patience.
I now need to connect to essentially the same service but over https. I have
the address of the https end
Thanks. I looked at the link and see quite a few parameters but am not sure
what/where/how to apply them?
Do I modify the instance of org.apache.cxf.endpoint.Client client in my
code?
Is there a working example I can be pointed to?
Thank you
Ok, so at first glance it looks like I already have my client setup. The key
bits I am guessing are:
1. Import certs - it will be mutual TLS
2. I already have :
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(iisrService);
org.apache.cxf.end
Hi,
I couldn't find anything else in that module that referred to KeyManager -
the closest I can find when I searched the github was :
https://github.com/apache/cxf/blob/4142d44c4db7c9971829d15a4aa4b7056788e9e6/systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSClientTest.java
Hi Colm,
For the mutual tls I have two certificates (the client one which is already
trusted by server) the server cert which I need to trust, and one private
key.
Do these get imported into the same trust stores and keystore as was used
for the message signing?
Do they need to be imported with
Ok.
I have followed on from the message signing with this code:
// APACHE CXF CLIENT SETUP - MESSAGE SIGNING
((BindingProvider)irsiservice).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"client_sign.properties");
((BindingProvider)irsiservi
But the links refer to X509 and you said not to use that. So I can't blindly
copy that code.
I fear that getting Spring setup could be more pain than trying to complete
it the way I have done so far.
I have got to :
// Setup TLS client params
TLSClientParameters tlsParams = new TLSClientParameters();
X509TrustManager trustManager =new
X509TrustManager(validPrincip
Something like this look better? My IDE doesn't complain about anything
unresolved :
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(irsiService);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
cxfEndpoint.getOutI
Alrighty then. How about something like this:
// CXF CLIENT FOR MUTUAL TLS
// Setup TLS client params
TLSClientParameters tlsParams = new TLSClientParameters();
/* Get the JKS contents */
final char[] JKS_PASSWORD = "password".toCharArray();
final
So is that all that is needed to use mutual TLS?
I also need to update the endpoint details in the service stubs - I don't
think this can be done with wsimport with mutual tls?
Ok - done. Now what?
So I changed the service to point to https endpoint by editing the
SaleService:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:test.sales.com/schema/common", wsdlLocation =
"https://sales.com.au/ISRService.svc?singleWsdl")
public class SalesService
extends Service
{
I ha
That helped. Now the stack trace is :
javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking
https://sales.com.au/RSIService.svc?singleWsdl:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
Main errors are:
DEBUG 2018-01-30 22:38:04,635 [Thread-2]
org.apache.cxf.common.logging.LogUtils - Using
org.apache.cxf.common.logging.Log4jLogger for logging.
DEBUG 2018-01-30 22:38:05,419 [Thread-2]
org.apache.cxf.resource.DefaultResourceManager - resolving resource
type
DEBUG 2018-01-
Here is the code that I have been using:
SetSaleRequest request = new SetSaleRequest();
SetSaleResponse response = new SetSaleResponse();
// CXF CLIENT FOR MUTUAL TLS
// Setup TLS client params
TLSClientParameters tlsParams = new TLSClientParameters();
I move it to after the:
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
But the error is similar:
DEBUG 2018-01-30 23:43:12,182 [Thread-2]
org.apache.cxf.common.logging.LogUtils - Using
org.apache.cxf.common.logging.Log4jLogger for logging.
DEBUG 2018-01-30 23:43:12,95
I could try to download the WSDL. I assume I first need to configure Chrome
to trust and send the correct certificates before I can even save it?
So I can either save the WSDL or point my service to the copy which is not
protected with security.
I presume the wsdlLocation parameter that is passed in is either the file or
a location without security/http? And then further down:
url = new URL("https://sales.test.com.au/RSIService.svc?singleWs
I edited my post when you were posting.
But can you confirm that I will need the wsdl for the endpoint I am
connecting to, ie the SSL endpoint will be significantly different to the
non SSL?
Cheers
AG
Ok I am now referencing the local copy of the https WSDL.
This is now the error:
DEBUG 2018-01-31 17:26:18,007 [Thread-2]
org.apache.cxf.common.logging.LogUtils - Using
org.apache.cxf.common.logging.Log4jLogger for logging.
DEBUG 2018-01-31 17:26:19,495 [Thread-2]
org.apache.cxf.resource.Def
Hi All,
I am trying to get my https client to get out through our proxy.
I have configured the connection as outlined below but apparently no
credentials are being sent to our proxy so I must be doing something wrong:
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.Client
Thanks.
So far I can't see how you set a username and password for a Proxy using
that method?
Or like this? (I can't test it now as I have left the site with proxy):
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(iisrService);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
cxfEndpoint.getOutInterceptors()
Actually just took a second look at your github Andy. More like this perhaps:
HTTPClientPolicy policy = http.getClient();
policy.setProxyServer("someproxy.enterprise.au");
policy.setProxyServerPort(8080);
http.getProxyAuthorization().setUserName("username");
Hello,
is there a way to get a relative path to the WSDL file? This code works:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:sales.com.au/schema/common", wsdlLocation =
"file:/H:/Desktop/cmd/importer/src/main/resources/SalesService.wsdl")
public class SalesService extends Servi
Similar to last post :
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"client_sign.properties");
((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
"client_sign
So the crypto properties file can't be hidden in the jar file?
Better than in plain text!!
On Fri, Feb 2, 2018 at 11:14 PM, Colm O hEigeartaigh
wrote:
> Well it can be, I think, but that's not buying you much security.
>
> Colm.
>
> On Fri, Feb 2, 2018 at 10:03 AM, Al Grant wrote:
>
> > So the crypto properties file c
I tried :
wsdlLocation = ("file:/Service.wsdl")
wsdlLocation = ("file:Service.wsdl")
wsdlLocation = ("/Service.wsdl")
wsdlLocation = ("Service.wsdl")
Always file not found?
This worked:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:sales.com.au/schema/common", wsdlLocation =
"file:src/main/resources/SalesService.wsdl")
public class SalesService
extends Service
{
Can the crypto properties file use relative paths? Instead of:
org.apache.ws.security.crypto.merlin.truststore.file=C:\\Users\\Owner\\IdeaProjects\\project1\\src\\main\\resources\\truststore.jks
Something like:
org.apache.ws.security.crypto.merlin.truststore.file=src\\main\\resources\\truststore
How do I enable pretty output of the XML to the console? All the examples on
StackOverflow seem to use a XML configuration file, but everything I am
doing is in code.
Thanks.
Do you actually mean to instantiate it:
LoggingFeature logging = new LoggingFeature();
logging.setPrettyLogging(true);
The github example is a Server - I want to do it in a client and print to
log4j and console?
So after the above two lines how do I write to console requ
Hi,
This is the client created here :
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(irsiService);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
I do actually get the message on the console, but it's all run together, no
new lines or indentation.
Is that what the pretty part would do if I had it going?
This is what worked for me for the benefit of anyone else:
// LOGGING
LoggingOutInterceptor loi = new LoggingOutInterceptor();
loi.setPrettyLogging(true);
LoggingInInterceptor lii = new LoggingInInterceptor();
lii.setPrettyLogging(true);
org.apache.
Hi,
This is getting very frustrating trying to get the project to find relative
paths to the WSDL.
Environment: Java 7
Build Tool: gradle
IDE: Intellij
The WSDL file runs fine in the IDE with :
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:Sales.test.au/schema/common", wsdlLoc
Finally worked with:
@WebServiceClient(name = "SalesService", targetNamespace =
"urn:sales.test.au/schema/common", wsdlLocation =
"classpath:SalesService.wsdl")
public class SalesService
extends Service
{
private final static URL SalesSERVICE_WSDL_LOCATION;
private final static WebSer
Hello,
After changing over to a new set of certificates (and a new testing endpoint)
code that was working is now generating:
javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code,
not set
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
Does anyone
Hmm, it's still not sending creds.
Looking at a few examples online I think I am missing something.
Anyone able to clarify what I am missing?
HTTPConduit http = (HTTPConduit) client.getConduit();
if (PROXY) {
HTTPClientPolicy policy = http.getClient();
pol
Even if I could work out which way to set proxy would be good.
METHOD ONE:
https://stackoverflow.com/questions/31550064/apache-cxf-client-proxy-settings
Proxy is set with : http.getClient().setProxyServer("proxy");
I note the example code also has instantiated HelloPortType helloPort =
cliente.
Thanks - yes it actually goes with this but I have to be very patient.
For some reason it sits there trying to send the message for 10 minutes
before it actually gets to send anything.
It might be something to do with OCSP since I am using mutual TLS - unless
anyone here has other ideas?
Cheers
What is the best way to deploy a JAR but keep the keys safe?