Thanks for the response.
>From the article your referenced, my take away is:
1) I don't think I need to do anything with the web server side of things,
correct?
2) I've confirmed that for our web services, no specific certificates are
needed on the client side.
3) The client needs to ensure that the protocol being used HTTPS and that the
login credentials get sent correctly. Am I correct in that if I use
ClientService svcObj = new ClientService();
IClientService svc = svcObj.getCustomBindingIClientService();
BindingProvider provider = (BindingProvider)svc;
provider.getRequestContext().put(
BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"https://dev.socsuite.com/Services/ClientService.svc";);
provider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
"username");
provider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
"password");
Then the need for **all** this configuration goes away:
<http:conduit name="http://dev.socsuite.com/Services/.*";>
<!-- Hopefully this sets up a SOAP Security element?!? -->
<http:authorization>
<sec:UserName><the user name></sec:UserName>
<sec:Password><the password></sec:Password>
</http:authorization>
<!-- Should set up https. -->
<http:tlsClientParameters
secureSocketProtocol="SSL"></http:tlsClientParameters>
</http:conduit>
4) Assuming that #3 above was correct but I still want to use configuration, do
you have any comments about my configuration shown in the original email and
how that might be causing the runtime error shown in the CXF debug log output?
Do I need to spend time understanding WS-Policy to get around that runtime
error?
Thanks again for helping.
-----Original Message-----
From: Glen Mazza [mailto:[email protected]]
Sent: Thursday, October 13, 2011 8:04 AM
To: [email protected]
Subject: Re: Configuration for https
Might this help you:
http://www.jroller.com/gmazza/entry/ssl_for_web_services ? It may be easier to
just hardcode the use of SSL rather than rely on WS-Policy statements
implementing it.
Glen
On 10/13/2011 10:34 AM, Beyer, Doug wrote:
> I'm trying to connect to our own .Net web services using java. I need to use
> HTTPS.
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
> is a bit confusing as the configuration examples shown don't seem to align
> correctly with the data in the CXF 2.4.2
> samples\wsdl_first_https\wsdl\hello_world.wsdl file.
>
> I am not an expert in Spring or CXF and am just trying to get my java web
> service client configured as quickly as possible.
>
> Below is a snippet containing the pertinent (I hope) sections from our wsdl:
>
> <wsdl:definitions name="ClientService"
> targetNamespace="http://www.troppussoftware.com/service/2010/12/";
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
> xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex";
> xmlns:wsa10="http://www.w3.org/2005/08/addressing";
> xmlns:tns="http://www.troppussoftware.com/service/2010/12/";
> xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/";
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
> xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy";
> xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract";
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata";
> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl";
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
> xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";>
> <wsp:Policy wsu:Id="CustomBinding_IClientService_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:TransportBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpToken/>
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> </wsp:Policy>
> </sp:TransportBinding>
> <sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:UsernameToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
> <wsp:Policy>
> <sp:WssUsernameToken10/>
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SignedSupportingTokens>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy/>
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust10>
> <wsaw:UsingAddressing/>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> ...
>
> <wsdl:service name="ClientService">
> <wsdl:port name="CustomBinding_IClientService"
> binding="tns:CustomBinding_IClientService">
> <soap12:address
> location="http://dev.socsuite.com/Services/ClientService.svc/ClientService"/>
> <wsa10:EndpointReference>
>
> <wsa10:Address>http://dev.socsuite.com/Services/ClientService.svc/ClientService</wsa10:Address>
> <Identity
> xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";>
> <Dns>localhost</Dns>
> </Identity>
> </wsa10:EndpointReference>
> </wsdl:port>
> </wsdl:service>
> </wsdl:definitions>
>
>
> From
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html ,
> I decided to use the following shorthand since all our clients will need the
> same https conduit for all our services:
> Another option for the name attribute is a reg-ex expression for the ORIGINAL
> URL of the endpoint. The configuration is matched at conduit creation so the
> address used in the WSDL or used for the JAX-WS Service.create(...) call can
> be used for the name. For example, you can do:
> <http:conduit name="http://localhost:8080/.*";>
> ......
> </http:conduit>
> to configure a conduit for all interactions on localhost:8080. If you have
> multiple clients interacting with different services on the same server, this
> is probably the easiest way to configure it.
> That same CXF web page references a blog entry at
> http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-battling.html
> . Using the info from that blog entry, the CXF web page, and my wsdl, I
> decided to use the following conduit configuration in my cxf.xml:
>
> <http:conduit name="http://dev.socsuite.com/Services/.*";>
>
> <http:authorization>
>
> <sec:UserName><the user name></sec:UserName>
>
> <sec:Password><the password></sec:Password>
>
> </http:authorization>
>
> <http:tlsClientParameters
> secureSocketProtocol="SSL"></http:tlsClientParameters>
>
> </http:conduit>
> When I attempt to execute a method of our web service, I get the following
> from the CXF debug logging (with log level = INFO):
> Oct 13, 2011 7:28:46 AM
> org.springframework.context.support.AbstractApplicationContext
> prepareRefresh
> INFO: Refreshing
> org.apache.cxf.bus.spring.BusApplicationContext@11a01dd: startup date
> [Thu Oct 13 07:28:46 PDT 2011]; root of context hierarchy Oct 13, 2011
> 7:28:46 AM org.apache.cxf.bus.spring.BusApplicationContext
> getConfigResources
> INFO: Loaded configuration file cxf.xml.
> Oct 13, 2011 7:28:46 AM
> org.springframework.beans.factory.xml.XmlBeanDefinitionReader
> loadBeanDefinitions
> INFO: Loading XML bean definitions from file
> [D:\Dev\phoenix_git\protocolprototype2\CxfWebServices\cxf.xml]
> Oct 13, 2011 7:28:47 AM
> org.springframework.beans.factory.support.DefaultListableBeanFactory
> preInstantiateSingletons
> INFO: Pre-instantiating singletons in
> org.springframework.beans.factory.support.DefaultListableBeanFactory@1
> abcd9b: defining beans
> [cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.a
> pache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring
> .BusExtensionPostProcessor,org.apache.cxf.wstx_msv_validation.Woodstox
> ValidationImpl,LoggingInInterceptor,LoggingOutInterceptor,cxf.config0,
> http://dev.socsuite.com/Services/.*]; root of factory hierarchy Oct
> 13, 2011 7:28:47 AM
> org.apache.cxf.service.factory.ReflectionServiceFactoryBean
> buildServiceFromWSDL
> INFO: Creating Service
> {http://www.troppussoftware.com/service/2010/12/}ClientService from
> WSDL: file:wsdl/ClientService.svc.wsdl Oct 13, 2011 7:28:48 AM
> org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
> handleNoRegisteredBuilder
> WARNING: No assertion builder for type
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}HttpToken registered.
> Oct 13, 2011 7:28:48 AM
> org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvi
> der getElementPolicy
> WARNING: Failed to build the policy
> 'CustomBinding_IClientService_policy':org.apache.neethi.builders.Primi
> tiveAssertion cannot be cast to
> org.apache.cxf.ws.security.policy.model.Token
> ERROR - login_1() - javax.xml.ws.soap.SOAPFaultException:
> org.apache.neethi.builders.PrimitiveAssertion cannot be cast to
> org.apache.cxf.ws.security.policy.model.Token
> Is the problem simple like mis-matched jars or does it have to do with my
> configuration?
> Thanks in advance for your help.
>
>
>
--
Glen Mazza
Talend - http://www.talend.com/apache
Blog - http://www.jroller.com/gmazza
Twitter - glenmazza
