Hi David,

Normally with symmetric binding you'd use the server's certificate to encrypt the symmetric encryption secret key, and there'd be no reason to include the certificate in the messages at all - the client needs to have the certificate before it can make any request to the server, and the server obviously already has it. Your IncludeToken attribute value may be messing up the logic in this case, since it asks for the certificate to always be included. The symmetric binding example I used for CXF at http://www.ibm.com/developerworks/java/library/j-jws17/index.html#listing1 has ...IncludeToken/Never. Try switching to that and see if it makes a difference.

  - Dennis

Dennis M. Sosnoski
Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html>
Axis2/CXF/Metro SOA and Web Services Training <http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>


On 03/22/2011 04:25 AM, David Zhang wrote:
Hello,

I am new to using Apache CXF. I want to secure a web service with symmetric binding, but I always run into an error.

Maybe I made a mistake when configuring the service. Can anybody help me?

I have a self-signed certificate for the server and I have the public key on the client side.

I generated the client with the CXF wsdl2java tool, and it seems to work fine. The client sends a request to the server. I can watch the request on a TCP/IP monitor.

There is the WS-Security header with a binary security token and the SOAP body is obviously encrypted.

On the server side the message even gets decrypted. I know this because the service implementation is called with correct parameters.

The problem occurs when the response should be sent. I get a null pointer when a key should be copied into the response:


Caused by: java.lang.NullPointerException
    at com.sun.org.apache.xerces.internal.dom.CoreDocumentImpl.importNode(CoreDocumentImpl.java:1532) [:1.6.0_24]
    at com.sun.org.apache.xerces.internal.dom.CoreDocumentImpl.importNode(CoreDocumentImpl.java:1498) [:1.6.0_24]
    at com.sun.xml.internal.messaging.saaj.soap.SOAPDocumentImpl.importNode(SOAPDocumentImpl.java:146) [:1.6.0_24]
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.cloneElement(AbstractBindingBuilder.java:538) [:2.3.3]
    at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:306) [:2.3.3]
    ... 36 more



With a debugger I observed that in this method a variable sigTok is not null, but sigTok.getTok returns null.



Can somebody help me with this problem, please?



Here is my security policy:



<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:SymmetricBinding>
    <wsp:Policy>
      <sp:ProtectionToken>
        <wsp:Policy>
          <sp:X509Token
              IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
            <wsp:Policy>
              <sp:RequireDerivedKeys/>
              <sp:WssX509V3Token10/>
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:ProtectionToken>
      <sp:AlgorithmSuite>
        <wsp:Policy>
          <sp:Basic128Rsa15/>
        </wsp:Policy>
      </sp:AlgorithmSuite>
      <sp:Layout>
        <wsp:Policy>
          <sp:Strict/>
        </wsp:Policy>
      </sp:Layout>
      <sp:IncludeTimestamp/>
    </wsp:Policy>
  </sp:SymmetricBinding>
  <sp:EncryptedParts>
    <sp:Body/>
  </sp:EncryptedParts>
</wsp:Policy>
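
Added example, not part of either message and not CXF code: a small Python check that applies the suggestion in the reply above by listing any X509Token used as a SymmetricBinding ProtectionToken whose IncludeToken is not .../IncludeToken/Never. The function name and the trimmed sample policy are constructed for illustration, and treating an absent attribute as a finding is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
NEVER = SP + "/IncludeToken/Never"

# Constructed sample: the protection-token part of the policy posted in the thread,
# with the IncludeToken value left as a placeholder to fill in.
SAMPLE_POLICY = """<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:SymmetricBinding><wsp:Policy>
    <sp:ProtectionToken><wsp:Policy>
      <sp:X509Token IncludeToken="{include}">
        <wsp:Policy><sp:RequireDerivedKeys/><sp:WssX509V3Token10/></wsp:Policy>
      </sp:X509Token>
    </wsp:Policy></sp:ProtectionToken>
  </wsp:Policy></sp:SymmetricBinding>
</wsp:Policy>"""


def protection_token_findings(policy_xml):
    """Return the IncludeToken value of each X509Token that is used as a
    SymmetricBinding ProtectionToken and is not set to .../IncludeToken/Never."""
    root = ET.fromstring(policy_xml)
    findings = []
    for binding in root.iter("{%s}SymmetricBinding" % SP):
        for slot in binding.iter("{%s}ProtectionToken" % SP):
            for token in slot.iter("{%s}X509Token" % SP):
                # Accept both the namespace-qualified attribute and the
                # unqualified form used in the posted policy.
                value = token.get("{%s}IncludeToken" % SP) or token.get("IncludeToken")
                if value != NEVER:
                    findings.append(value or "(absent)")
    return findings


if __name__ == "__main__":
    for include in (SP + "/IncludeToken/Always", NEVER):
        result = protection_token_findings(SAMPLE_POLICY.format(include=include))
        print(include.rsplit("/", 1)[-1], "->", result or "ok")
```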




                                        
