I don't see anything obviously wrong with your config. I added a test to CXF,
based on your test-case, that uses WS-SecurityPolicy, and it works as
expected:

http://svn.apache.org/viewvc?view=revision&revision=1350561

Could you supply a test-case that reproduces the problem?

Colm.

On Thu, Jun 14, 2012 at 2:36 PM, Sunil Bapat <[email protected]> wrote:

> I am trying to call a web service that is secured by an
> AsymmetricBinding with a holder-of-key (HOK) SAML assertion (the WSDL
> is below). This web service is called from another web service, i.e.,
> the client is itself a web service.
>
> When I make the call to the service from the client, the message is
> not signed or encrypted, and the SAML assertion is not inserted into
> the header. The SOAP message is a plain SOAP message without security
> headers, signatures or encryption.
>
> The client code and the corresponding configuration are below. Am I
> missing something? Do I need to explicitly define the WSS4J
> interceptors, instead of the code below? I assumed that, because a
> policy is defined, the interceptors would be configured automatically
> based on the properties in the request context.
>
> Any ideas?
>
> ----------------------------
> Client code:
>
> // Cast the client proxy to BindingProvider to reach its request context.
> // The SecurityConstants entries below are only configuration values; per the
> // author's own description they take effect only if a WS-SecurityPolicy is
> // actually in force on this client.
> BindingProvider bindingProvider = (BindingProvider)helloWorldService;
>
> // Callback handler built from samlAssertionElement; presumably it hands the
> // existing SAML assertion to the security runtime (class not shown, confirm).
> bindingProvider.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER,
> new SAMLCallbackHandler(samlAssertionElement));
>
> // Crypto properties file used for signing.
> bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
> "clientkeystore.properties");
>
> // Keystore alias of the signing key.
> // NOTE(review): no SecurityConstants.CALLBACK_HANDLER is set in this snippet;
> // signing with the "client" private key presumably needs one to supply the
> // key password unless that is configured elsewhere. Confirm.
> bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
> "client");
>
> // Crypto properties file and alias ("server") of the certificate used for
> // encryption.
> bindingProvider.getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
> "clienttruststore.properties");
> bindingProvider.getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
> "server");
>
> // Invoke the secured operation.
> String result = helloWorldService.sayHello(username);
>
> ----------------------------
> Client Config:
>
> <!-- Client proxy bean: obtained by calling create() on the
>      helloWorldServiceClientFactory bean. -->
> <bean id="helloWorldServiceClient"
>
> class="com.test.services.helloworldservice.HelloWorldServicePortType"
>         factory-bean="helloWorldServiceClientFactory"
> factory-method="create">
>   </bean>
>
>   <!-- Factory for the JAX-WS client proxy. Only serviceClass, address and bus
>        are set.
>        NOTE(review): no wsdlLocation is configured here, so it is not visible
>        from this config how the client learns the WS-SecurityPolicy that is
>        attached in the WSDL. If the policy is never loaded, the security
>        properties put into the request context would presumably have no
>        effect and the message would go out unprotected. Confirm. -->
>   <bean id="helloWorldServiceClientFactory"
> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>      <property name="serviceClass"
>
> value="com.test.services.helloworldservice.HelloWorldServicePortType"
> />
>      <!-- NOTE(review): the address ends in ?wsdl, which is conventionally
>           the WSDL retrieval URL; confirm it is the intended endpoint. The
>           ';' after the closing quote looks like a mail-archive artifact.
>           The transport is plain http, so confidentiality and integrity
>           depend entirely on the message-level policy being applied. -->
>      <property name="address"
> value="http://localhost:8080/hok-helloworld-ws/HelloWorldService?wsdl";
> />
>      <property name="bus" ref="cxf" />
>  </bean>
>
> ------------------------------
> WSDL:
>
> <?xml version='1.0' encoding='UTF-8'?><wsdl:definitions
> name="HelloWorldService"
> targetNamespace="http://test.com/services/HelloWorldService";
> xmlns:ns1="http://schemas.xmlsoap.org/soap/http";
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
> xmlns:tns="http://test.com/services/HelloWorldService";
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
> xmlns:wsp="http://www.w3.org/ns/ws-policy";
> xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
>  <!-- Schema for the operation's wrapper elements: sayHello holds an optional
>       userName string and sayHelloResponse an optional return string. -->
>  <wsdl:types>
> <xs:schema elementFormDefault="unqualified"
> targetNamespace="http://test.com/services/HelloWorldService";
> version="1.0" xmlns:tns="http://test.com/services/HelloWorldService";
> xmlns:xs="http://www.w3.org/2001/XMLSchema";>
> <xs:element name="sayHello" type="tns:sayHello"/>
> <xs:element name="sayHelloResponse" type="tns:sayHelloResponse"/>
> <xs:complexType name="sayHello">
>    <xs:sequence>
>      <xs:element minOccurs="0" name="userName" type="xs:string"/>
>    </xs:sequence>
>  </xs:complexType>
> <xs:complexType name="sayHelloResponse">
>    <xs:sequence>
>      <xs:element minOccurs="0" name="return" type="xs:string"/>
>    </xs:sequence>
>  </xs:complexType>
> </xs:schema>
>  </wsdl:types>
>  <!-- Response message: a single part carrying the tns:sayHelloResponse element. -->
>  <wsdl:message name="sayHelloResponse">
>    <wsdl:part element="tns:sayHelloResponse" name="parameters">
>    </wsdl:part>
>  </wsdl:message>
>  <!-- Request message: a single part carrying the tns:sayHello element. -->
>  <wsdl:message name="sayHello">
>    <wsdl:part element="tns:sayHello" name="parameters">
>    </wsdl:part>
>  </wsdl:message>
>  <!-- Abstract interface: one request/response operation, sayHello. -->
>  <wsdl:portType name="HelloWorldServicePortType">
>    <wsdl:operation name="sayHello">
>      <wsdl:input message="tns:sayHello" name="sayHello">
>    </wsdl:input>
>      <wsdl:output message="tns:sayHelloResponse" name="sayHelloResponse">
>    </wsdl:output>
>    </wsdl:operation>
>  </wsdl:portType>
>  <!-- SOAP document/literal binding over HTTP. This is where the security
>       requirements are attached: #asymmetricSAMLPolicy at binding level,
>       #inputPolicy on the request message and #outputPolicy on the response
>       message. A client that does not read this WSDL never sees these
>       references. -->
>  <wsdl:binding name="HelloWorldServiceSoapBinding"
> type="tns:HelloWorldServicePortType">
>    <soap:binding style="document"
> transport="http://schemas.xmlsoap.org/soap/http"/>
>    <wsp:PolicyReference URI="#asymmetricSAMLPolicy"/>
>    <wsdl:operation name="sayHello">
>      <soap:operation soapAction="" style="document"/>
>      <wsdl:input name="sayHello">
>        <soap:body use="literal"/>
>    <wsp:PolicyReference URI="#inputPolicy"/>
>      </wsdl:input>
>      <wsdl:output name="sayHelloResponse">
>        <soap:body use="literal"/>
>    <wsp:PolicyReference URI="#outputPolicy"/>
>      </wsdl:output>
>    </wsdl:operation>
>  </wsdl:binding>
>  <!-- Concrete endpoint for HelloWorldServiceSoapBinding.
>       NOTE(review): the location ends in ?wsdl, which is conventionally the
>       WSDL retrieval URL; confirm it is the intended endpoint address. The
>       attribute value is also wrapped across lines in this mail. The scheme
>       is plain http, so protection of the exchange rests on the
>       message-level policies being enforced. -->
>  <wsdl:service name="HelloWorldService">
>    <wsdl:port binding="tns:HelloWorldServiceSoapBinding"
> name="HelloWorldServicePort">
>      <soap:address
> location="http://localhost:8080/hok-helloworld-ws/HelloWorldService?wsdl
> "/>
>    </wsdl:port>
>  </wsdl:service>
>    <!-- Binding-level policy (referenced as #asymmetricSAMLPolicy). It requires
>         WS-Addressing and an asymmetric binding whose initiator token is a
>         SAML 2.0 token always sent to the recipient and whose recipient token
>         is an X.509 v3 certificate that is never sent and must be referenced
>         by issuer and serial number. It also asserts strict header layout, a
>         timestamp, signing of entire headers and body only, and the Basic128
>         algorithm suite.
>         NOTE(review): nothing in this policy states holder-of-key; that
>         property presumably comes from the assertion itself. Confirm.
>         NOTE(review): no sp:EncryptSignature or sp:ProtectTokens assertion is
>         present; confirm that is intended. -->
>    <wsp:Policy wsu:Id="asymmetricSAMLPolicy"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata";
> xmlns:wsp="http://www.w3.org/ns/ws-policy";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>   <wsp:ExactlyOne>
>      <wsp:All>
>         <wsam:Addressing wsp:Optional="false"/>
>         <sp:AsymmetricBinding>
>            <wsp:Policy>
>               <sp:InitiatorToken>
>                  <wsp:Policy>
>                     <sp:SamlToken
> sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> ">
>                        <wsp:Policy>
>                           <sp:WssSamlV20Token11/>
>                        </wsp:Policy>
>                     </sp:SamlToken>
>                  </wsp:Policy>
>               </sp:InitiatorToken>
>               <sp:RecipientToken>
>                  <wsp:Policy>
>                     <sp:X509Token
> sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
> ">
>                        <wsp:Policy>
>                           <sp:WssX509V3Token10/>
>                           <sp:RequireIssuerSerialReference/>
>                        </wsp:Policy>
>                     </sp:X509Token>
>                  </wsp:Policy>
>               </sp:RecipientToken>
>               <sp:Layout>
>                  <wsp:Policy>
>                     <sp:Strict/>
>                  </wsp:Policy>
>               </sp:Layout>
>               <sp:IncludeTimestamp/>
>               <sp:OnlySignEntireHeadersAndBody/>
>               <!-- NOTE(review): Basic128 in WS-SecurityPolicy 1.2 implies
>                    AES-128 encryption with SHA-1 digests; check whether a
>                    SHA-256 suite such as Basic256Sha256 is required in your
>                    environment. -->
>               <sp:AlgorithmSuite>
>                  <wsp:Policy>
>                     <sp:Basic128/>
>                  </wsp:Policy>
>               </sp:AlgorithmSuite>
>            </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <sp:Wss10>
>            <wsp:Policy>
>               <sp:MustSupportRefIssuerSerial/>
>            </wsp:Policy>
>         </sp:Wss10>
>      </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>    <!-- Message-level policy for the request (referenced as #inputPolicy): the
>         SOAP Body must be both encrypted and signed.
>         NOTE(review): SignedParts lists only the Body. The binding-level
>         policy in this WSDL also requires WS-Addressing, and as written
>         nothing here requires the addressing headers to be signed. Consider
>         adding sp:Header entries for them if header integrity matters. -->
>    <wsp:Policy wsu:Id="inputPolicy"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
> xmlns:wsp="http://www.w3.org/ns/ws-policy";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>   <wsp:ExactlyOne>
>      <wsp:All>
>         <sp:EncryptedParts>
>            <sp:Body/>
>         </sp:EncryptedParts>
>         <sp:SignedParts>
>            <sp:Body/>
>         </sp:SignedParts>
>      </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>    <!-- Message-level policy for the response (referenced as #outputPolicy):
>         the SOAP Body must be both encrypted and signed.
>         NOTE(review): SignedParts lists only the Body, so as written no
>         response header is required to be signed; confirm that is
>         sufficient for the service. -->
>    <wsp:Policy wsu:Id="outputPolicy"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
> xmlns:wsp="http://www.w3.org/ns/ws-policy";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>   <wsp:ExactlyOne>
>      <wsp:All>
>         <sp:EncryptedParts>
>            <sp:Body/>
>         </sp:EncryptedParts>
>         <sp:SignedParts>
>            <sp:Body/>
>         </sp:SignedParts>
>      </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> </wsdl:definitions>
> --------------------------------------------------------
>
> Thanks
> Sunil.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
