Yes, I noticed the Main.java got stripped out after posting. I've pasted it
into this email. See below:
To answer your questions:
>> Is this using the SecurityPolicy support or a manually configured
>> WSS4JOutInterceptor?
My client is using a keystore generated at my company. The 3rd party company
publishing the Web Service has the public certificate from this keystore.
>> Are you sure you are using the right keys?
I've made every effort to verify this. The 3rd party company publishing the
Web Service sent me the public certificate they have. I have compared that
public certificate to the one generated out of my keystore. The two matched.
I'm fairly confident the right keys are being used, although even though I
received the public certificate from the 3rd party company, I cannot guarantee
it is being used properly.
>> Any chance of capturing the raw "on the wire" messages from both a CXF
>> client as well as WebLogic (or other working client) to see comparisons?
Yes, I have done this. I compared the output from my CXF client to what
appears in the Web Service log files. They are identical. Furthermore, a
small signature verification program I wrote can successfully verify the output
from my CXF client as well as what appears in the Web Service log files. If you
wish to see them that's OK but I'd prefer to not send them over the mailing
list.
/********************************************************************************
*
* Main.java
*
*******************************************************************************/
package com.suddenlink.incubator.cxf.client.main;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import com.suddenlink.cfx.ILECcustomerServiceRecordQueryForm;
import com.suddenlink.cfx.SubmitILECcustomerServiceRecordQueryHelper;
import com.suddenlink.cfx.SubmitILECcustomerServiceRecordQueryResult;
import com.suddenlink.cfx.VoIPorderHeaderType;
import com.suddenlink.cfx.WSvoiceOverIPservice2;
import com.suddenlink.cfx.WSvoiceOverIPservice2Port;
import com.suddenlink.incubator.cxf.client.callback.ClientCallbackHandler;
public class Main {
    private static final String SIGNATURE_PROPERTIES_FILE =
        "provider.properties";
    private static final String KEYSTORE_ALIAS = "slprivatekey";
    // Define the Web Service URL to Call
    private static final String ENDPOINT_ADDRESS_PROPERTY = (
        "https://server/path/to/endpoint"
    );
    private WSvoiceOverIPservice2 service;
    private WSvoiceOverIPservice2Port port;
    private Client client;

    public static void main(String[] args)
    {
        try {
            new Main().go();
        } catch (Throwable t) {
            t.printStackTrace();
        }
    }

    private void go() throws Throwable
    {
        setService();
        setPort();
        setClient();
        setInOutIntecepters();
        setEndpointAddress();
        setSigningProperties();
        call();
    }

    private void setService() {
        service = new WSvoiceOverIPservice2();
    }

    private void setPort() {
        port = service.getWSvoiceOverIPservice2Port();
    }

    private void setClient() {
        client = ClientProxy.getClient(port);
    }

    private void setInOutIntecepters() {
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());
    }

    private void setEndpointAddress() {
        BindingProvider bp = (BindingProvider) port;
        // Retrieve endpoint address property
        String url = (String)
            bp.getRequestContext().get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY);
        System.out.printf("URL BEFORE: %s\n", url);
        // Reset endpoint address property
        bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
            ENDPOINT_ADDRESS_PROPERTY);
        // Retrieve endpoint address property
        url = (String)
            bp.getRequestContext().get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY);
        System.out.printf("URL AFTER: %s\n", url);
    }

    private void setSigningProperties() {
        Map<String,Object> outProps = new HashMap<String,Object>();
        outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
            ClientCallbackHandler.class.getName());
        outProps.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
        outProps.put(WSHandlerConstants.SIG_PROP_FILE,
            SIGNATURE_PROPERTIES_FILE);
        outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
        outProps.put(WSHandlerConstants.USER, KEYSTORE_ALIAS);
        WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
        client.getEndpoint().getOutInterceptors().add(wssOut);
        // 2.0.x only; not needed in 2.1+
        //client.getEndpoint().getOutInterceptors().add(new SAAJOutInterceptor());
    }

    private void call() throws Exception {
        System.out.println(
            " ~~~MAKE CALL~~~"
            + " This will simply call a method on the "
            + " 'private WSvoiceOverIPservice2Port port;' "
            + " object declared at the top of the class "
        );
    }
}
/********************************************************************************
********************************************************************************
********************************************************************************
*******************************************************************************/
-----Original Message-----
From: Daniel Kulp [mailto:[email protected]]
Sent: Thursday, March 25, 2010 1:42 PM
To: [email protected]
Cc: Remijan, Michael
Subject: Re: WS-Security client working with Weblogic 9?
On Thursday 25 March 2010 12:39:51 pm Remijan, Michael wrote:
> Group:
>
> I am working on a Web Service client which calls a Weblogic 9 server.
> This client also uses WS-Security to Sign (signature) the request. I'm
> using Maven to pull down. All efforts to call the web service have failed
> on the server side due to Weblogic not being able to verify the signature.
> It's been suggested the Digest CXF generates on the client side is not
> compatible with the Digest Weblogic creates.
Well, that would be very bizarre considering the digest is a standard defined
by the ws-security spec. If Weblogic is unable to process it, that sounds
like a bug on their side. We've tested interop with .NET, Axis2/Rampart, and
Metro (as well as some proprietary ones like Actional) so we know the digests
CXF generates are correct per standard.
The Main.java got stripped out. Is this using the SecurityPolicy support or
a manually configured WSS4JOutInterceptor? Are you sure you are using the
right keys? Any chance of capturing the raw "on the wire" messages from both
a CXF client as well as WebLogic (or other working client) to see comparisons?
Dan
>
> For my project I've pulled in these dependencies.
>
> cxf-rt-core 2.2.6
> cxf-rt-frontend-jaxws 2.2.6
> cxf-rt-transports-http 2.2.6
> cxf-rt-ws-security 2.2.6
>
> and I'm using cxf-codegen-plugin 2.2.3 to generate the client classes.
>
> I've attached a condensed version of Main.java. Any thoughts? Any
> previous issues with Weblogic interoperability?
>
>
> Mike Remijan
> Suddenlink Communications
> 314.315.9657
> [email protected]
--
Daniel Kulp
[email protected]
http://dankulp.com/blog