Hello again. I have used the tutorial found here to implement security now
(Favouring interceptors instead of WS security policy):
http://www.jroller.com/gmazza/entry/cxf_x509_profile
This has activated encryption on the service as far as I can see, as the old
client now complains over missing security headers as such:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the <wsse:Security> header
So far so good.
But then I tried building the client from the tutorial and that didn't work
as well. (by the way very good tutorial, I really got a good idea of how
interceptors work)
I did not use the tutorial 1-1 but I used it to modify my own functioning
web service. This is the error I am getting:
Mar 1, 2012 9:28:25 PM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [orgserver/common/Resources/Client.xml]
Mar 1, 2012 9:28:26 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromClass
INFO: Creating Service {http://localhost:8080/}SEILoginService from class orgserver.services.interfaces.SEILogin
Mar 1, 2012 9:28:27 PM org.apache.cxf.services.SEILoginService.LoginServicePort.LoginService
INFO: Outbound Message
---------------------------
ID: 1
Address: http://localhost:8080/LoginService/services/Login
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=[""]}
Payload: <soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soap:mustUnderstand="1"><xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="EK-4C079C7FA871DAB16E13306337076504"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=localhost</ds:X509IssuerName><ds:X509SerialNumber>1330071969</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>D+6WuPyhXg+UwVDaZhzGOoHp10+Ob7NRaQk9Wtjw9DRBswI7GYpzEfZx5NBE0JMy/Znz8lIgVdlF9+REC1vsarYtgWe1rCKfaZAXZQnzzzdbEw2uD6ilhng5JSS/YITrfZOcDXiHB/bKtOf9ETPJHTTuauzc0FZsYLT6tCEgEu0=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
URI="#ED-4"/><xenc:DataReference
URI="#ED-5"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-4"
Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference
URI="#EK-4C079C7FA871DAB16E13306337076504"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><wsu:Timestamp
wsu:Id="TS-1"><wsu:Created>2012-03-01T20:28:27.357Z</wsu:Created><wsu:Expires>2012-03-01T20:33:27.357Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-2"><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-5"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference
URI="#EK-4C079C7FA871DAB16E13306337076504"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>VzTHmncSp9ky9+P/nhJQyY3Zn0iGtswtdyrp1VDOvyAxNmeTlTBsRBR1fHOdo7CCmWF8PhNfRHdhfFq7x0+hg/yteIpIyGHCOw2P68n5+kN8nb6EwEZmITrFKJBs0HDzFWVRuExWrByv1xLTi/1LEAiiXdRkygFwhyRDJ1fcRFk=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
Mar 1, 2012 9:28:27 PM org.apache.cxf.services.SEILoginService.LoginServicePort.LoginService
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {connection=[close], Content-Length=[332], content-type=[text/xml;charset=UTF-8], Date=[Thu, 01 Mar 2012 20:28:27 GMT], Server=[Apache-Coyote/1.1]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedCheck</faultcode><faultstring>The signature or decryption was invalid</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Mar 1, 2012 9:28:27 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The signature or decryption was invalid
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
    at $Proxy34.Validate(Unknown Source)
    at orgserver.clienttest.EncClient.Validate(EncClient.java:32)
    at orgserver.clienttest.EncClient.main(EncClient.java:27)
Caused by: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:799)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1627)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1494)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1402)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:195)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
    ... 3 more
Java Result: 1
BUILD SUCCESSFUL (total time: 2 seconds)
I'm sorry for the long ugly post, but I don't want to omit anything. But the
issue here seems to be that the server sends a soapfault back complaining
over the signature or encryption method. This seems to indicate that the
client encryption/signing does not match the server.
Client XML
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://cxf.apache.org/jaxws
                           http://cxf.apache.org/schemas/jaxws.xsd">
    <bean id="client" class="orgserver.services.interfaces.SEILogin"
          factory-bean="clientFactory" factory-method="create"/>
    <bean id="clientFactory"
          class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
        <property name="serviceClass"
                  value="orgserver.services.interfaces.SEILogin"/>
        <property name="address"
                  value="http://localhost:8080/LoginService/services/Login"/>
        <property name="inInterceptors">
            <list>
                <ref bean="TimestampSignEncrypt_Response"/>
            </list>
        </property>
        <property name="outInterceptors">
            <list>
                <ref bean="TimestampSignEncrypt_Request"/>
            </list>
        </property>
    </bean>
    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
          id="TimestampSignEncrypt_Request">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt"/>
                <entry key="user" value="myclientkey"/>
                <entry key="signaturePropFile"
                       value="orgserver/common/Resources/clientKeystore.properties"/>
                <entry key="encryptionPropFile"
                       value="orgserver/common/Resources/clientKeystore.properties"/>
                <entry key="encryptionUser" value="myservicekey"/>
                <entry key="passwordCallbackClass"
                       value="orgserver.clienttest.ClientPasswordCallback"/>
                <entry key="signatureParts"
                       value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <entry key="encryptionParts"
                       value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <entry key="encryptionSymAlgorithm"
                       value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
            </map>
        </constructor-arg>
    </bean>
    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
          id="TimestampSignEncrypt_Response">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt"/>
                <entry key="signaturePropFile"
                       value="orgserver/common/Resources/clientKeystore.properties"/>
                <entry key="decryptionPropFile"
                       value="orgserver/common/Resources/clientKeystore.properties"/>
                <entry key="passwordCallbackClass"
                       value="orgserver.clienttest.ClientPasswordCallback"/>
            </map>
        </constructor-arg>
    </bean>
</beans>
Server XML
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:soap="http://cxf.apache.org/bindings/soap"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd">
    <jaxws:endpoint
        id="LoginService"
        implementor="orgserver.services.Login"
        address="/Login">
        <jaxws:outInterceptors>
            <ref bean="TimestampSignEncrypt_Response"/>
        </jaxws:outInterceptors>
        <jaxws:inInterceptors>
            <ref bean="TimestampSignEncrypt_Request"/>
        </jaxws:inInterceptors>
    </jaxws:endpoint>
    <bean id="TimestampSignEncrypt_Request"
          class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt"/>
                <entry key="signaturePropFile"
                       value="server-crypto.properties"/>
                <entry key="decryptionPropFile"
                       value="server-crypto.properties"/>
                <entry key="passwordCallbackClass"
                       value="orgserver.common.services.ServerCallback"/>
            </map>
        </constructor-arg>
    </bean>
    <bean id="TimestampSignEncrypt_Response"
          class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt"/>
                <entry key="user" value="myservicekey"/>
                <entry key="signaturePropFile"
                       value="server-crypto.properties"/>
                <entry key="encryptionPropFile"
                       value="server-crypto.properties"/>
                <entry key="encryptionUser" value="useReqSigCert"/>
                <entry key="passwordCallbackClass"
                       value="orgserver.common.services.ServerCallback"/>
                <entry key="signatureParts"
                       value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <entry key="encryptionParts"
                       value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <entry key="encryptionSymAlgorithm"
                       value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
            </map>
        </constructor-arg>
    </bean>
</beans>
Client callback
public ClientPasswordCallback() {
    passwords.put("myclientkey", "ckpass");
}
Server Callback
public ServerCallback() {
    passwords.put("myservicekey", "skpass");
}
Server-Crypto
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.file=serviceKeystore.jks
org.apache.ws.security.crypto.merlin.keystore.password=sspass
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
Client-Crypto
org.apache.ws.security.crypto.merlin.keystore.file=clientKeystore.jks
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
I have made certain that all the files are where they are supposed to be
(And they do throw exceptions if I move them, I checked). I have used the
key tool as described in the tutorial, I shamelessly copied/pasted into my
terminal.
Can anyone see my problem? The only alarm bell I see is the tag
<entry key="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
used in both client and server xmls. Does this describe a symmetric
algorithm? Because the keys used are RSA keys (which is an asymmetric key).
These are the keys in question:
keytool -genkey -alias myservicekey -keyalg RSA -sigalg SHA1withRSA -keypass skpass -storepass sspass -keystore serviceKeystore.jks -dname "cn=localhost"
keytool -genkey -alias myclientkey -keyalg RSA -sigalg SHA1withRSA -keypass ckpass -storepass cspass -keystore clientKeystore.jks -dname "cn=clientuser"
keytool -genkey -alias myclient2key -keyalg RSA -sigalg SHA1withRSA -keypass ck2pass -storepass cs2pass -keystore client2Keystore.jks -dname "cn=client2user"
Am I missing a symmetric key to be transported by the RSA or what am I doing
wrong?
HELP!
-Martin
And thank you in advance.
-Although it's WSDL-first, link #14 (WS-SecPol method) might help you
-determine the Policy statements needed:
-http://www.jroller.com/gmazza/entry/blog_article_index
-Since you're doing Java-first you'll need to wire in the WS-Policy
-statements as described elsewhere (@Policy annotation).
-Glen
On 02/27/2012 01:53 PM, martin wrote:
> Thank you for your reply.
> I have been trying to find an example of how to write the policy.xml file.
> Do you know of any example I can use?
> Do I have to include namespaces in the policy file?
> Do I have to include something in other files beside the policy
> exceptions?
> Thank you for your time
>
>
>> Your wsdl doesn't contain any security policy fragments or anything to
>> define the security requirements. There are two options:
>> 1) Use the WSS4JInInterceptor documented at:
>> http://cxf.apache.org/docs/ws-security.html
>
>> 2) Create a WS-Policy document that describes the policy you want to
> enforce
>> and attach that to the service via something like the @Policy annotation
>> or
>> similar.
>> Dan
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/WS-Security-policy-not-being-enabled-in-CXF-tp5512888p5519791.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
--
View this message in context:
http://cxf.547215.n5.nabble.com/WS-Security-policy-not-being-enabled-in-CXF-tp5512888p5529180.html
Sent from the cxf-user mailing list archive at Nabble.com.
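
Added example (not part of the original post and not CXF or WSS4J code): the logged request above already shows how encryptionSymAlgorithm relates to the RSA keys, since the EncryptedKey element carries a one-time symmetric key wrapped with rsa-1_5 for the certificate named in X509IssuerSerial, and each EncryptedData it references is encrypted under that key with tripledes-cbc. This Python sketch reads that structure out of a message; the function names, the shortened Id "EK-1" and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "xenc": XENC,
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd"}

def _encrypted_data(ed_id):
    # Constructed stand-in for one logged EncryptedData element (ciphertext omitted).
    return (f'<xenc:EncryptedData Id="{ed_id}"><xenc:EncryptionMethod '
            f'Algorithm="{XENC}tripledes-cbc"/><ds:KeyInfo><wsse:SecurityTokenReference>'
            '<wsse:Reference URI="#EK-1"/></wsse:SecurityTokenReference></ds:KeyInfo>'
            '</xenc:EncryptedData>')

# Constructed sample laid out like the logged request; the Id "EK-1" is shortened.
SAMPLE = (
    "<soap:Envelope " + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">"
    '<soap:Header><wsse:Security><xenc:EncryptedKey Id="EK-1">'
    f'<xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>'
    "<ds:KeyInfo><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>"
    "<ds:X509IssuerName>CN=localhost</ds:X509IssuerName>"
    "<ds:X509SerialNumber>1330071969</ds:X509SerialNumber>"
    "</ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>"
    '<xenc:ReferenceList><xenc:DataReference URI="#ED-4"/>'
    '<xenc:DataReference URI="#ED-5"/></xenc:ReferenceList></xenc:EncryptedKey>'
    + _encrypted_data("ED-4") + "</wsse:Security></soap:Header>"
    "<soap:Body>" + _encrypted_data("ED-5") + "</soap:Body></soap:Envelope>"
)

def describe_encryption(envelope_xml):
    """Map each EncryptedKey to its wrapping algorithm, recipient cert and protected parts."""
    root = ET.fromstring(envelope_xml)
    data = {ed.get("Id"): ed for ed in root.iter(f"{{{XENC}}}EncryptedData")}
    report = {}
    for ek in root.iter(f"{{{XENC}}}EncryptedKey"):
        issuer = ek.find(".//ds:X509IssuerSerial", NS)  # (issuer name, serial) children
        parts = {}
        for ref in ek.findall("xenc:ReferenceList/xenc:DataReference", NS):
            ed = data.get(ref.get("URI").lstrip("#"))
            if ed is None:  # dangling reference: nothing for the session key to decrypt
                raise ValueError(f"no EncryptedData for {ref.get('URI')}")
            parts[ed.get("Id")] = ed.find("xenc:EncryptionMethod", NS).get("Algorithm")
        report[ek.get("Id")] = {
            "key_transport": ek.find("xenc:EncryptionMethod", NS).get("Algorithm"),
            "recipient_cert": None if issuer is None else tuple(c.text for c in issuer),
            "data_algorithms": parts,
        }
    return report
```

Comparing recipient_cert with the certificate stored under myservicekey in serviceKeystore.jks (keytool -list -v) shows whether the server holds the private key that the session key was wrapped for.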