Hi again, sorry, my mistake, here's the client config:

The client is a standalone Java app and the config consists of this cxf.xml file:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:soap="http://cxf.apache.org/bindings/soap"
       xmlns:cxf="http://cxf.apache.org/core"
       xmlns:p="http://cxf.apache.org/policy"
       xsi:schemaLocation="
         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
         http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       ">

  <jaxws:client name="{http://swap/test/v01}SwapTestPort" createdFromAPI="true">
    <jaxws:properties>
      <entry key="ws-security.username" value="clientif" />
      <entry key="ws-security.callback-handler" value="br.jus.tjpe.seguranca.ClientKeystorePasswordCallback" />
      <entry key="ws-security.signature.properties" value="client.properties" />
      <entry key="ws-security.encryption.properties" value="service.properties" />
    </jaxws:properties>
  </jaxws:client>
</beans>

The client.properties and service.properties files are the following:

client.properties file:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=clientif
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.file=clientstore.jks

service.properties file:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=intif
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.file=clientstore.jks

I suppose the problems are not with the keystore since the client using the weblogic libraries works.

Also, the client is being generated through the following ant task:

<target name="cxfWSDLToJava_SWAPTEST">
  <java classname="org.apache.cxf.tools.wsdlto.WSDLToJava" fork="true">
    <arg value="-client" />
    <arg value="-d" />
    <arg value="generated" />
    <arg value="http://localhost:7001/swaptest/SwapTest?WSDL" />
    <classpath>
      <path refid="cxf.classpath" />
    </classpath>
  </java>
</target>

This is all the client config.

Just as some more information, this policy created by the oracle tool has a description as follows:

"This policy enforces message-level protection and certificate-based authentication for inbound SOAP requests in accordance with the WS-Security 1.1 standard. Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore is configured through the security configuration. The certificate is extracted from the WS-Security binary security token header, and the credentials in the certificate are validated against the configured identity store."

I dunno if the problem is in my client config or in the policy itself (like something proprietary to oracle) since the weblogic client works.

Again, thank you very much!

2010/5/30 CXF-de'per <[email protected]>:
>
> Post your configurations for ws-security...
>
> Lupan wrote:
>>
>> Hello guys,
>> I'm having to write a Web service client with CXF 2.2.8 to consume a
>> web service which uses WS-SecurityPolicy on it. The policies shown in
>> the WSDL are created and managed by an Oracle tool (Oracle Webservices
>> Manager), they're not manually written and are shipped with the
>> product. The product claims the policies are compliant with the latest
>> standards and that are interoperable with other stacks. Because of
>> that I'm trying to use the CXF Client since the client written with
>> the own Oracle Stack obviously worked. Unfortunately I'm receiving a
>> Generic error in the client:
>>
>> ...
>> Caused by: org.apache.cxf.binding.soap.SoapFault: FailedCheck : failure in security check
>>     at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>>     at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>>     at org
>> ...
>>
>> Since this is a client error, I went to the server logs to see what
>> happened. There is a line in the log:
>>
>> <Error> <oracle.wsm.resources.security> <WSM-00035> <Error in
>> Signature reference mechanism compliance : Expected :
>> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
>> , Actual :
>> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey.>
>>
>> I don't know if there is something I'm missing in the CXF client
>> configuration or if there is a problem in the Oracle Policy (like
>> proprietary tags in it) or anything else.
>> Here is the WSDL I'm trying to consume:
>>
>> <definitions name="SwapTestService"
>>     targetNamespace="http://swap/test/v01">
>>   <wsp:Policy wsu:Id="SwapTestPort_Fault_Policy" />
>>   <wsp:Policy wsu:Id="SwapTestPort_Input_Policy">
>>     <sp:SignedParts>
>>       <sp:Body />
>>       <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
>>       <sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>       <sp:Header Name="fmw-context"
>>           Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
>>     </sp:SignedParts>
>>     <sp:EncryptedParts>
>>       <sp:Body />
>>       <sp:Header Name="fmw-context"
>>           Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
>>     </sp:EncryptedParts>
>>   </wsp:Policy>
>>   <wsp:Policy wsu:Id="SwapTestPort_Output_Policy">
>>     <sp:SignedParts>
>>       <sp:Body />
>>     </sp:SignedParts>
>>     <sp:EncryptedParts>
>>       <sp:Body />
>>     </sp:EncryptedParts>
>>   </wsp:Policy>
>>
>>   <wsp:Policy wsu:Id="wss11_x509_token_with_message_protection_service_policy">
>>     <sp:SymmetricBinding>
>>       <wsp:Policy>
>>         <sp:ProtectionToken>
>>           <wsp:Policy>
>>             <sp:X509Token
>>                 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>               <wsp:Policy>
>>                 <sp:RequireThumbprintReference />
>>                 <sp:WssX509V3Token11 />
>>               </wsp:Policy>
>>             </sp:X509Token>
>>           </wsp:Policy>
>>         </sp:ProtectionToken>
>>
>>         <sp:AlgorithmSuite>
>>           <wsp:Policy>
>>             <sp:Basic128 />
>>           </wsp:Policy>
>>         </sp:AlgorithmSuite>
>>
>>         <sp:Layout>
>>           <wsp:Policy>
>>             <sp:Lax />
>>           </wsp:Policy>
>>         </sp:Layout>
>>         <sp:IncludeTimestamp />
>>         <sp:ProtectTokens />
>>         <sp:OnlySignEntireHeadersAndBody />
>>       </wsp:Policy>
>>     </sp:SymmetricBinding>
>>
>>     <sp:EndorsingSupportingTokens>
>>       <wsp:Policy>
>>         <sp:X509Token
>>             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>           <wsp:Policy>
>>             <sp:WssX509V3Token11 />
>>           </wsp:Policy>
>>         </sp:X509Token>
>>       </wsp:Policy>
>>     </sp:EndorsingSupportingTokens>
>>
>>     <sp:Wss11>
>>       <wsp:Policy>
>>         <sp:RequireSignatureConfirmation />
>>         <sp:MustSupportRefEncryptedKey />
>>       </wsp:Policy>
>>     </sp:Wss11>
>>   </wsp:Policy>
>>
>>   <types>
>>     <xsd:schema>
>>       <xsd:import namespace="http://swap/test/v01"
>>           schemaLocation="http://localhost:7001/swaptest/SwapTest?xsd=1" />
>>     </xsd:schema>
>>   </types>
>>
>>   <message name="testSwap">
>>     <part name="parameters" element="tns:testSwap" />
>>   </message>
>>
>>   <message name="testSwapResponse">
>>     <part name="parameters" element="tns:testSwapResponse" />
>>   </message>
>>
>>   <portType name="TestWSImpl">
>>     <operation name="testSwap">
>>       <input message="tns:testSwap" />
>>       <output message="tns:testSwapResponse" />
>>     </operation>
>>   </portType>
>>
>>   <binding name="SwapTestPortBinding" type="tns:TestWSImpl">
>>     <soap:binding style="document"
>>         transport="http://schemas.xmlsoap.org/soap/http" />
>>     <wsp:PolicyReference
>>         URI="#wss11_x509_token_with_message_protection_service_policy"
>>         wsdl:required="false" />
>>
>>     <operation name="testSwap">
>>       <soap:operation soapAction="" />
>>
>>       <input>
>>         <soap:body use="literal" />
>>         <wsp:PolicyReference
>>             URI="#SwapTestPort_Input_Policy"
>>             wsdl:required="false" />
>>       </input>
>>
>>       <output>
>>         <soap:body use="literal" />
>>         <wsp:PolicyReference
>>             URI="#SwapTestPort_Output_Policy"
>>             wsdl:required="false" />
>>       </output>
>>     </operation>
>>   </binding>
>>
>>   <service name="SwapTestService">
>>     <port name="SwapTestPort" binding="tns:SwapTestPortBinding">
>>       <soap:address
>>           location="http://localhost:7001/swaptest/SwapTest" />
>>
>>       <wsa:EndpointReference>
>>         <wsa:Address>http://localhost:7001/swaptest/SwapTest</wsa:Address>
>>         <wsid:Identity>
>>           <dsig:KeyInfo>
>>             <dsig:X509Data>
>>               <dsig:X509Certificate>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</dsig:X509Certificate>
>>               <dsig:X509IssuerSerial>
>>                 <dsig:X509IssuerName>CN=Arquitetura e Inovacao, OU=Arquitetura e Inovacao, O=TJPE, L=Recife, ST=Pernambuco, C=BR</dsig:X509IssuerName>
>>                 <dsig:X509SerialNumber>1</dsig:X509SerialNumber>
>>               </dsig:X509IssuerSerial>
>>               <dsig:X509SubjectName>CN=Integracao Fiscal, OU=Arquitetura e Inovacao, O=TJPE, C=BR</dsig:X509SubjectName>
>>               <dsig:X509SKI>80G+2YyLzBDojY+M5aNM1wgJNXo=</dsig:X509SKI>
>>             </dsig:X509Data>
>>           </dsig:KeyInfo>
>>         </wsid:Identity>
>>       </wsa:EndpointReference>
>>     </port>
>>   </service>
>> </definitions>
>>
>> Please, any help will be much appreciated!
>> Thank you!
>>
>>
>
> --
> View this message in context:
> http://old.nabble.com/Problem-with-WS-SecurityPolicy-using-CXF-client-vs-Oracle-WS.-tp28712412p28720286.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
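
Added example, not part of the original thread and not CXF, WSS4J or Oracle code: the WSM-00035 log line quoted above reports that the type URI on the signature's key reference is in the wrong namespace, and this Python script checks a captured request for that mismatch. The function name is made up for this illustration, and the sample envelope is constructed from the "Expected" and "Actual" URIs in the log line, not captured from the poster's client.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
# Namespace the server log reports as "Expected" for EncryptedKey references.
EXPECTED_BASE = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1"

# Constructed sample (not a captured message): a signature KeyInfo whose
# TokenType carries the "Actual" URI from the WSM-00035 log line.
SAMPLE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security>
  <ds:Signature><ds:KeyInfo>
   <wsse:SecurityTokenReference
     wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey">
    <wsse:KeyIdentifier
      ValueType="{EXPECTED_BASE}#EncryptedKeySHA1">constructed-sha1==</wsse:KeyIdentifier>
   </wsse:SecurityTokenReference>
  </ds:KeyInfo></ds:Signature>
 </wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>"""


def encrypted_key_reference_issues(envelope_xml):
    """Return (element, attribute, uri) for every EncryptedKey type URI in the
    Security header that is outside the WSS 1.1 SOAP Message Security namespace."""
    issues = []
    root = ET.fromstring(envelope_xml)
    for security in root.iter(f"{{{WSSE}}}Security"):
        for str_el in security.iter(f"{{{WSSE}}}SecurityTokenReference"):
            # The token type sits on the reference itself; the value type sits
            # on its KeyIdentifier or Reference child.
            candidates = [("SecurityTokenReference", "wsse11:TokenType",
                           str_el.get(f"{{{WSSE11}}}TokenType"))]
            for child in str_el:
                local = child.tag.rsplit("}", 1)[-1]
                if local in ("KeyIdentifier", "Reference"):
                    candidates.append((local, "ValueType", child.get("ValueType")))
            for element, attribute, uri in candidates:
                if not uri:
                    continue
                base, _, fragment = uri.partition("#")
                if fragment.startswith("EncryptedKey") and base != EXPECTED_BASE:
                    issues.append((element, attribute, uri))
    return issues


if __name__ == "__main__":
    for element, attribute, uri in encrypted_key_reference_issues(SAMPLE):
        print(f"{element} {attribute} = {uri} (expected namespace {EXPECTED_BASE})")
```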
