Thanks for your response! I tried what you suggested but now Im getting the
following error:
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers:
[{http://www.w3.org/2005/08/addressing}Action,
{http://www.w3.org/2005/08/addressing}To,
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
.0.xsd}Security] are not understood.
Maybe CXF needs some external library to handle these headers? What puzzle
me a bit is that the security header is not understood
Should not this be
the job of wss4j???
Thanks,
matteo
Da: Dennis Sosnoski [mailto:[email protected]]
Inviato: venerdì 28 gennaio 2011 09:07
A: [email protected]
Oggetto: Re: CXF and WCF interoperability
Hi Matteo,
I'd think you'd be better off using WS-SecurityPolicy configurations for
your security handling. If the security policy configurations are
reasonably simple (which sounds like your case) and clean they should
work across a range of stacks.
You can see my article discussing CXF WS-SecurityPolicy basics for a
starting point: http://www.ibm.com/developerworks/java/library/j-jws13.html
- Dennis
Dennis M. Sosnoski
Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html>
Axis2/CXF/Metro SOA and Web Services Training
<http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>
On 01/28/2011 08:53 PM, matteo rulli wrote:
> Dear all,
>
> we have been working with CXF for a year and we are completely satisfied
> with that. In the last week we had the idea to interact with a Microsoft
WCF
> client (.net 4.0). We managed to interact quite well generating the WCF
> proxy from the wsdl published by CXF. Then we threw ws-security in to that
> and the maelstrom began.
>
>
>
> We protect envelopes at message level with X.509 certs and we are using
> mutual auth. with msg body signature and encryption. Server-side (CXF) we
> are using WSS4J as security provider and we have the following
> configuration:
>
>
>
> outProps.put("action","UsernameToken Signature Encrypt");
>
> outProps.put("passwordType","PasswordText");
>
> outProps.put("user",user);
>
> outProps.put("signatureUser","serverx509v1");
>
>
>
outProps.put("passwordCallbackClass","plat1.ws.security.handlers.UTPasswordC
> allback");
>
> outProps.put("encryptionUser","clientx509v1");
>
> outProps.put("encryptionPropFile","Server_SignVerf.properties");
>
> outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>
>
>
outProps.put("encryptionParts","{Content}{http://schemas.xmlsoap.org/soap/en
> velope/}Body");
>
> outProps.put("signaturePropFile","Server_Decrypt.properties");
>
> outProps.put("signatureKeyIdentifier", "DirectReference");
>
>
>
outProps.put("signatureParts","{Element}{http://schemas.xmlsoap.org/soap/env
> elope/}Body");
>
>
>
> where
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
> pto.Merlin
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
>
>
>
> The point is that we are not able to implement a WCF client which is able
to
> interact with our server: could anybody suggest where we could find a
> working example/how-to? I found this claim about CXF:
>
> "The GOOD news is that CXF 2.2 now passes the Microsoft
> Interop PlugFest tests for WS-Security 1.0 and 1.1, WS-SecureConversation,
> and the client side portion of WS-Trust 1.0 and parts of WS-Trust 1.3.
> That's a
>
> huge step forward in interopability with WCF."
>
> So I think someone should have produced a test-bench for these
> interoperability tests: does anybody know if this test-bench is publicly
> available?
>
>
>
> Thank you very much.
>
>
>
> Matteo Rulli
>
>
>
>
>
_____
Nessun virus nel messaggio.
Controllato da AVG - www.avg.com
Versione: 10.0.1204 / Database dei virus: 1435/3407 - Data di rilascio:
27/01/2011
