Hi Matteo, I'd think you'd be better off using WS-SecurityPolicy configurations for your security handling. If the security policy configurations are reasonably simple (which sounds like your case) and clean they should work across a range of stacks.
You can see my article discussing CXF WS-SecurityPolicy basics for a starting point: http://www.ibm.com/developerworks/java/library/j-jws13.html - Dennis Dennis M. Sosnoski Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html> Axis2/CXF/Metro SOA and Web Services Training <http://www.sosnoski.com/training.html> Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html> On 01/28/2011 08:53 PM, matteo rulli wrote: > Dear all, > > we have been working with CXF for a year and we are completely satisfied > with that. In the last week we had the idea to interact with a Microsoft WCF > client (.net 4.0). We managed to interact quite well generating the WCF > proxy from the wsdl published by CXF. Then we threw ws-security in to that > and the maelstrom began. > > > > We protect envelopes at message level with X.509 certs and we are using > mutual auth. with msg body signature and encryption. Server-side (CXF) we > are using WSS4J as security provider and we have the following > configuration: > > > > outProps.put("action","UsernameToken Signature Encrypt"); > > outProps.put("passwordType","PasswordText"); > > outProps.put("user",user); > > outProps.put("signatureUser","serverx509v1"); > > > outProps.put("passwordCallbackClass","plat1.ws.security.handlers.UTPasswordC > allback"); > > outProps.put("encryptionUser","clientx509v1"); > > outProps.put("encryptionPropFile","Server_SignVerf.properties"); > > outProps.put("encryptionKeyIdentifier", "IssuerSerial"); > > > outProps.put("encryptionParts","{Content}{http://schemas.xmlsoap.org/soap/en > velope/}Body"); > > outProps.put("signaturePropFile","Server_Decrypt.properties"); > > outProps.put("signatureKeyIdentifier", "DirectReference"); > > > outProps.put("signatureParts","{Element}{http://schemas.xmlsoap.org/soap/env > elope/}Body"); > > > > where > > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry > pto.Merlin > > org.apache.ws.security.crypto.merlin.keystore.type=jks > > > > The point is that we are not able to implement a WCF client which is able to > interact with our server: could anybody suggest where we could find a > working example/how-to? I found this claim about CXF: > > "The GOOD news is that CXF 2.2 now passes the Microsoft > Interop PlugFest tests for WS-Security 1.0 and 1.1, WS-SecureConversation, > and the client side portion of WS-Trust 1.0 and parts of WS-Trust 1.3. > That's a > > huge step forward in interopability with WCF." > > So I think someone should have produced a test-bench for these > interoperability tests: does anybody know if this test-bench is publicly > available? > > > > Thank you very much. > > > > Matteo Rulli > > > > >
