Might this help you: http://www.jroller.com/gmazza/entry/ssl_for_web_services ? It may be easier to just hardcode the use of SSL rather than rely on WS-Policy statements implementing it.

Glen

On 10/13/2011 10:34 AM, Beyer, Doug wrote:
I'm trying to connect to our own .Net web services using java. I need to use 
HTTPS. 
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html is 
a bit confusing as the configuration examples shown don't seem to align 
correctly with the data in the CXF 2.4.2 
samples\wsdl_first_https\wsdl\hello_world.wsdl file.

I am not an expert in Spring or CXF and am just trying to get my java web 
service client configured as quickly as possible.

Below is a snippet containing the pertinent (I hope) sections from our wsdl:

<wsdl:definitions name="ClientService" targetNamespace="http://www.troppussoftware.com/service/2010/12/"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
    xmlns:wsa10="http://www.w3.org/2005/08/addressing"
    xmlns:tns="http://www.troppussoftware.com/service/2010/12/"
    xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
    xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
    xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
    xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
    <wsp:Policy wsu:Id="CustomBinding_IClientService_policy">
       <wsp:ExactlyOne>
          <wsp:All>
             <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
                         <sp:HttpToken/>
                      </wsp:Policy>
                   </sp:TransportToken>
                   <sp:AlgorithmSuite>
                      <wsp:Policy>
                         <sp:Basic256/>
                      </wsp:Policy>
                   </sp:AlgorithmSuite>
                   <sp:Layout>
                      <wsp:Policy>
                         <sp:Strict/>
                      </wsp:Policy>
                   </sp:Layout>
               </wsp:Policy>
             </sp:TransportBinding>
             <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                   <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                      <wsp:Policy>
                         <sp:WssUsernameToken10/>
                      </wsp:Policy>
                   </sp:UsernameToken>
                </wsp:Policy>
             </sp:SignedSupportingTokens>
             <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy/>
             </sp:Wss11>
             <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                   <sp:MustSupportIssuedTokens/>
                   <sp:RequireClientEntropy/>
                   <sp:RequireServerEntropy/>
                </wsp:Policy>
             </sp:Trust10>
             <wsaw:UsingAddressing/>
          </wsp:All>
       </wsp:ExactlyOne>
    </wsp:Policy>

...

    <wsdl:service name="ClientService">
       <wsdl:port name="CustomBinding_IClientService" binding="tns:CustomBinding_IClientService">
          <soap12:address location="http://dev.socsuite.com/Services/ClientService.svc/ClientService"/>
          <wsa10:EndpointReference>
             <wsa10:Address>http://dev.socsuite.com/Services/ClientService.svc/ClientService</wsa10:Address>
             <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
                <Dns>localhost</Dns>
             </Identity>
          </wsa10:EndpointReference>
       </wsdl:port>
    </wsdl:service>
</wsdl:definitions>


From http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html , I 
decided to use the following shorthand since all our clients will need the same 
https conduit for all our services:

Another option for the name attribute is a reg-ex expression for the ORIGINAL 
URL of the endpoint. The configuration is matched at conduit creation so the 
address used in the WSDL or used for the JAX-WS Service.create(...) call can be 
used for the name. For example, you can do:

    <http:conduit name="http://localhost:8080/.*">
        ......
    </http:conduit>

to configure a conduit for all interactions on localhost:8080. If you have 
multiple clients interacting with different services on the same server, this 
is probably the easiest way to configure it.

That same CXF web page references a blog entry at 
http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-battling.html . 
Using the info from that blog entry, the CXF web page, and my wsdl, I decided 
to use the following conduit configuration in my cxf.xml:

     <http:conduit name="http://dev.socsuite.com/Services/.*">
         <http:authorization>
             <sec:UserName><the user name></sec:UserName>
             <sec:Password><the password></sec:Password>
         </http:authorization>
         <http:tlsClientParameters secureSocketProtocol="SSL"></http:tlsClientParameters>
     </http:conduit>

When I attempt to execute a method of our web service, I get the following from 
the CXF debug logging (with log level = INFO):

Oct 13, 2011 7:28:46 AM org.springframework.context.support.AbstractApplicationContext prepareRefresh
INFO: Refreshing org.apache.cxf.bus.spring.BusApplicationContext@11a01dd: startup date [Thu Oct 13 07:28:46 PDT 2011]; root of context hierarchy
Oct 13, 2011 7:28:46 AM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: Loaded configuration file cxf.xml.
Oct 13, 2011 7:28:46 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from file [D:\Dev\phoenix_git\protocolprototype2\CxfWebServices\cxf.xml]
Oct 13, 2011 7:28:47 AM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1abcd9b: defining beans [cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.apache.cxf.wstx_msv_validation.WoodstoxValidationImpl,LoggingInInterceptor,LoggingOutInterceptor,cxf.config0,http://dev.socsuite.com/Services/.*]; root of factory hierarchy
Oct 13, 2011 7:28:47 AM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service {http://www.troppussoftware.com/service/2010/12/}ClientService from WSDL: file:wsdl/ClientService.svc.wsdl
Oct 13, 2011 7:28:48 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}HttpToken registered.
Oct 13, 2011 7:28:48 AM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'CustomBinding_IClientService_policy':org.apache.neethi.builders.PrimitiveAssertion cannot be cast to org.apache.cxf.ws.security.policy.model.Token
ERROR - login_1() - javax.xml.ws.soap.SOAPFaultException: org.apache.neethi.builders.PrimitiveAssertion cannot be cast to org.apache.cxf.ws.security.policy.model.Token

Is the problem simple like mis-matched jars or does it have to do with my 
configuration?

Thanks in advance for your help.





--
Glen Mazza
Talend - http://www.talend.com/apache
Blog - http://www.jroller.com/gmazza
Twitter - glenmazza
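
As an added example (not code from this thread or from the linked blog entries), one way to hardcode TLS on a CXF client in Java rather than depend on the WSDL's policy statements. The class name, method name and parameters are hypothetical, and it assumes a CXF release built on the javax.xml.ws API and a JKS trust store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Locale;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Added example; class, method and parameter names are hypothetical.
public final class TlsConduitSetup {
    private TlsConduitSetup() {}

    /** Pins a CXF-created JAX-WS proxy to an HTTPS address and to one trust store. */
    public static void forceTls(Object port, String httpsAddress,
            String trustStorePath, char[] trustStorePassword) throws Exception {
        // Refuse a cleartext address so credentials never leave over plain HTTP.
        if (!httpsAddress.toLowerCase(Locale.ROOT).startsWith("https://")) {
            throw new IllegalArgumentException("endpoint must be https: " + httpsAddress);
        }
        // Override the http:// soap12:address that the WSDL advertises.
        ((BindingProvider) port).getRequestContext()
                .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, httpsAddress);

        // Trust only the certificates in the supplied store (JKS is an assumption).
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        TLSClientParameters tls = new TLSClientParameters();
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setSecureSocketProtocol("TLSv1.2"); // SSLContext name, in place of the legacy "SSL"
        tls.setDisableCNCheck(false);           // keep hostname verification enabled

        // Attach the TLS settings to the conduit this proxy sends through.
        HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
        conduit.setTlsClientParameters(tls);
    }
}
```

This covers transport security only; whether the policy in the WSDL builds is a separate matter.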

