2nd paragraph, from the top: http://www.jroller.com/gmazza/entry/cxf_x509_profile

Glen

On 03/02/2012 04:19 AM, martin wrote:
Hello again Glen

I have control over the web service provider. I am running on a Tomcat
server on a local machine.

I tried to reload the keys again thinking I made an error last time (I only
used one client and one server key this time, just to be sure), but I am
still getting the exact same error.

Lastly, you are saying that you put the entire example somewhere on your
blog, but I can't seem to find it. I might just be blind, but I have looked
over the blog entry a couple of times now but I just can't find it. Can you
tell me where it is?



Do you have control over the web service provider, or it's external and
you're only building a client?
I provided the source code in that blog entry, you might wish to
download and at least confirm *that* works, then it's an issue of trying
to extrapolate why my client's OK but yours is having problems (of
course, the fact that you're using a different web service provider that
might have some peculiar requirements is probably going to be the source
of the problem.)  Using Wireshark
(http://www.jroller.com/gmazza/entry/soap_calls_over_wireshark) can also
help with your debugging a bit, by making it clearer where the error
messages are coming from.
It appears the "The signature or decryption was invalid" message came
from the web service provider, that might mean the service has the wrong
client public key in its truststore (when it tried to validate the
client's signature, it's comparing it with the wrong public key) or, if
you're using asymmetric (2-key) binding, your client has the wrong
public key of the service (The client encrypted the message with the
wrong public key and hence the decryption failure when the service tried
to decrypt it with its private key.)
Finally, one of the keys you mentioned below:
keytool -genkey -alias myclient2key -keyalg RSA -sigalg SHA1withRSA -keypass ck2pass -storepass cs2pass -keystore client2Keystore.jks -dname
is unnecessary, it was placed in the tutorial for educational purposes
only.

HTH,
Glen
--
View this message in context: 
http://cxf.547215.n5.nabble.com/WS-Security-policy-not-being-enabled-in-CXF-tp5512888p5530444.html
Sent from the cxf-user mailing list archive at Nabble.com.


--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
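
One way to test the truststore diagnosis quoted above, as an added example that is not part of the original thread or of the blog's source code: compare the fingerprint of one side's key entry with what the other side's truststore holds, using saved `keytool -list` output. The function names, the alias myclientkey and the fingerprints are constructed for illustration.

```python
import re

# keytool -list prints each entry as "alias, date, kind," followed by a
# "Certificate fingerprint (ALG): AA:BB:..." line.
ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+), .*?(?P<kind>PrivateKeyEntry|trustedCertEntry),\s*\n"
    r"Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-F:]+)", re.M)

def parse_keytool_list(text):
    """Map alias -> (entry kind, digest algorithm, fingerprint)."""
    return {m["alias"].strip().lower(): (m["kind"], m["alg"], m["fp"])
            for m in ENTRY.finditer(text)}

def check_trust(owner_listing, owner_alias, peer_listing):
    """Return (ok, detail): does the peer truststore hold the owner's cert?"""
    owner = parse_keytool_list(owner_listing).get(owner_alias.lower())
    if owner is None:
        return False, f"alias {owner_alias!r} not found in owner keystore"
    kind, alg, fp = owner
    if kind != "PrivateKeyEntry":
        return False, f"alias {owner_alias!r} has no private key"
    trusted = parse_keytool_list(peer_listing)
    for alias, (_, t_alg, t_fp) in trusted.items():
        if (t_alg, t_fp) == (alg, fp):
            return True, f"trusted under alias {alias!r}"
    # Same alias, different fingerprint: the truststore holds a certificate
    # exported before the key pair was regenerated (or from another key).
    if owner_alias.lower() in trusted:
        return False, f"alias {owner_alias!r} is trusted but with a different certificate"
    return False, "certificate not present in peer truststore"

# Constructed sample listings (fingerprints are placeholders, not real digests).
FP_NEW, FP_OLD = ":".join(["A1"] * 32), ":".join(["B2"] * 32)
CLIENT_KS = ("Your keystore contains 1 entry\n\n"
             "myclientkey, Mar 2, 2012, PrivateKeyEntry, \n"
             f"Certificate fingerprint (SHA-256): {FP_NEW}\n")
SERVICE_TS = ("Your keystore contains 1 entry\n\n"
              "myclientkey, Feb 27, 2012, trustedCertEntry, \n"
              f"Certificate fingerprint (SHA-256): {FP_OLD}\n")

if __name__ == "__main__":
    print(check_trust(CLIENT_KS, "myclientkey", SERVICE_TS))
```

For the asymmetric binding case, run the same check in the other direction, with the service keystore listing as the owner and the client truststore listing as the peer.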
