Post your configurations for ws-security... Lupan wrote: > > Hello guys, > I'm having to write a Web service client with CXF 2.2.8 to consume a > web service which uses WS-SecurityPolicy on it. The policies shown in > the WSDL are created and managed by an Oracle tool (Oracle Webservices > Manager), they're not manually written and are shipped with the > product. The product claims the policies are compliant with the latest > standards and that are interoperable with other stacks. Because of > that I'm trying to use the CXF Client since the client written with > the own Oracle Stack obviously worked. Unfortunately I'm receiving a > Generic error in the client: > > ... > Caused by: org.apache.cxf.binding.soap.SoapFault: FailedCheck : > failure in security check > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) > at org > ... > > Since this is a client error went to the server logs to see what > happened. There is a line in the log: > > <Error> <oracle.wsm.resources.security> <WSM-00035> <Error in > Signature reference mechanism compliance : Expected : > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > , Actual : > http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey.> > > I don't know if there is something I'm missing in the CXF client > configuration or if there is a problem in the Oracle Policy (like > proprietary tags in it) or anything else. > Here is the WSDL I'm trying to consume: > > <definitions name="SwapTestService" > targetNamespace="http://swap/test/v01";> > <wsp:Policy wsu:Id="SwapTestPort_Fault_Policy" /> > <wsp:Policy wsu:Id="SwapTestPort_Input_Policy"> > <sp:SignedParts> > <sp:Body /> > <sp:Header > Namespace="http://www.w3.org/2005/08/addressing"; /> > <sp:Header > Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"; > /> > <sp:Header Name="fmw-context" > Namespace="http://xmlns.oracle.com/fmw/context/1.0"; /> > </sp:SignedParts> > <sp:EncryptedParts> > <sp:Body /> > <sp:Header Name="fmw-context" > Namespace="http://xmlns.oracle.com/fmw/context/1.0"; /> > </sp:EncryptedParts> > </wsp:Policy> > <wsp:Policy wsu:Id="SwapTestPort_Output_Policy"> > <sp:SignedParts> > <sp:Body /> > </sp:SignedParts> > <sp:EncryptedParts> > <sp:Body /> > </sp:EncryptedParts> > </wsp:Policy> > > <wsp:Policy > wsu:Id="wss11_x509_token_with_message_protection_service_policy"> > <sp:SymmetricBinding> > <wsp:Policy> > <sp:ProtectionToken> > <wsp:Policy> > <sp:X509Token > > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > <wsp:Policy> > > <sp:RequireThumbprintReference /> > > <sp:WssX509V3Token11 /> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:ProtectionToken> > > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic128 /> > </wsp:Policy> > </sp:AlgorithmSuite> > > <sp:Layout> > <wsp:Policy> > <sp:Lax /> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp /> > <sp:ProtectTokens /> > <sp:OnlySignEntireHeadersAndBody /> > </wsp:Policy> > </sp:SymmetricBinding> > > <sp:EndorsingSupportingTokens> > <wsp:Policy> > <sp:X509Token > > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> > <wsp:Policy> > <sp:WssX509V3Token11 /> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:EndorsingSupportingTokens> > > <sp:Wss11> > <wsp:Policy> > <sp:RequireSignatureConfirmation /> > <sp:MustSupportRefEncryptedKey /> > </wsp:Policy> > </sp:Wss11> > </wsp:Policy> > > <types> > > <xsd:schema> > <xsd:import namespace="http://swap/test/v01"; > > schemaLocation="http://localhost:7001/swaptest/SwapTest?xsd=1"; /> > </xsd:schema> > </types> > > <message name="testSwap"> > <part name="parameters" element="tns:testSwap" /> > </message> > > <message name="testSwapResponse"> > <part name="parameters" element="tns:testSwapResponse" /> > </message> > > <portType name="TestWSImpl"> > > <operation name="testSwap"> > <input message="tns:testSwap" /> > <output message="tns:testSwapResponse" /> > </operation> > </portType> > > <binding name="SwapTestPortBinding" type="tns:TestWSImpl"> > <soap:binding style="document" > transport="http://schemas.xmlsoap.org/soap/http"; /> > <wsp:PolicyReference > > URI="#wss11_x509_token_with_message_protection_service_policy" > wsdl:required="false" /> > > <operation name="testSwap"> > <soap:operation soapAction="" /> > > <input> > <soap:body use="literal" /> > <wsp:PolicyReference > URI="#SwapTestPort_Input_Policy" > wsdl:required="false" /> > </input> > > <output> > <soap:body use="literal" /> > <wsp:PolicyReference > URI="#SwapTestPort_Output_Policy" > wsdl:required="false" /> > </output> > </operation> > </binding> > > <service name="SwapTestService"> > > <port name="SwapTestPort" binding="tns:SwapTestPortBinding"> > <soap:address > location="http://localhost:7001/swaptest/SwapTest"; /> > > <wsa:EndpointReference> > > <wsa:Address>http://localhost:7001/swaptest/SwapTest</wsa:Address> > <wsid:Identity> > <dsig:KeyInfo> > <dsig:X509Data> > > <dsig:X509Certificate>MIIEUDCCAjigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCQlIxEzARBgNVBAgTClBlcm5hbWJ1Y28xDzANBgNVBAcTBlJlY2lmZTENMAsGA1UEChMEVEpQRTEfMB0GA1UECxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzEfMB0GA1UEAxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzAeFw0wOTA4MTEyMTI1MDdaFw0xNDA4MTEyMTI1MDdaMFkxCzAJBgNVBAYTAkJSMQ0wCwYDVQQKEwRUSlBFMR8wHQYDVQQLExZBcnF1aXRldHVyYSBlIElub3ZhY2FvMRowGAYDVQQDExFJbnRlZ3JhY2FvIEZpc2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAictuCNxhLJ2kP9p6TZvwRUTvuoKHS2HMUVjVR3u42BoMf7t83eZMUvBxc3+KdF4MjABgn8H/dPzlc09xCQcd/E5NbYEqagvW3mcJRmO/RyTQEbEySzHLoG/yEJZSz/5adwrTMaZCdm5SLzqfbL8g2Ojmrw11kGNOgLhD9W4UpnECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPNBvtmMi8wQ6I2PjOWjTNcICTV6MB8GA1UdIwQYMBaAFDv3oNoqns9YZw4QoyP4tzKaZv1SMA0GCSqGSIb3DQEBBQUAA4ICAQBkDVoCKmkMGdDF7sQAPfv6kKXQoWutQZ62jgoXLy9TLnGFDh1lde+AF6uE68PwzhpSq0+LVtysW0nwoV5lm0bqU4xw/eopelyMrXLjRaWEZ45owDzOE/+qOATMsV4AfXb5MVnQVpAQXQPntJtwFivw1AIBacluL8RXWepz1N5dols1HSERDI3jyPZ067nfFLfCbv9pTrRjLk5MQiQ4+Ri7lFT7Oj8gxqO+4mMt4W9xE4SfR3rUDq3Srtz9bQE2sP5vyG3+D+smmtENb5Wv+TlmNzBzYjvBe76gChMDG9ftGuaiX4NOERod0u7x2s2Q94pDngL7wxRuVpI1cCQ2LxYMGeZ1Nf9fqdj9fvG+prg17OPP/Jp/LiO9rz8CZs3krFFcZI0KXvsCfSK67moxW4acE14pBbkNnGsV1V9AogCUHPmrxs/vaAF/+5GKr0USIHIfS/LsSvW0A8I8BFoa72nLtp7nfsx43sXgzGZ/O0XV75guzu/CEA7XtvvYcgcibEjW+1IaXsIWjUljMDFC81IKP+bbUX0lQEfu9lLiwXBh8EPiVmR59ioQIdAZsiPWSn54146aqWoL2qpPrjMBtvQat9q+XZOdwPn0KlmPUdz/khLp8AInFmuUnGJz6/9CPYP+eG/5vJ7kjAGmt8ckkmAdC4dntC6hxYJpLaq418SEtw==</dsig:X509Certificate> > <dsig:X509IssuerSerial> > > <dsig:X509IssuerName>CN=Arquitetura e Inovacao, OU=Arquitetura e > > Inovacao, O=TJPE, L=Recife, ST=Pernambuco, > C=BR</dsig:X509IssuerName> > > <dsig:X509SerialNumber>1</dsig:X509SerialNumber> > </dsig:X509IssuerSerial> > > <dsig:X509SubjectName>CN=Integracao Fiscal, OU=Arquitetura e > Inovacao, > O=TJPE, C=BR</dsig:X509SubjectName> > > <dsig:X509SKI>80G+2YyLzBDojY+M5aNM1wgJNXo=</dsig:X509SKI> > </dsig:X509Data> > </dsig:KeyInfo> > </wsid:Identity> > </wsa:EndpointReference> > </port> > </service> > </definitions> > > Please, any help will be much appretiated ! > Thank you ! > >
-- View this message in context: http://old.nabble.com/Problem-with-WS-SecurityPolicy-using-CXF-client-vs-Oracle-WS.-tp28712412p28720286.html Sent from the cxf-user mailing list archive at Nabble.com.
