Could it be because I am invoking the client from within a web service
method of a different service that is itself not secured? That is, the
client of this web service is another web service.

Thanks
Sunil.


On Fri, Jun 15, 2012 at 6:24 AM, Colm O hEigeartaigh
<[email protected]> wrote:
> I don't see anything obviously wrong with your config. I added a test that
> uses WS-SecurityPolicy to CXF based on your test-case and it works as
> expected:
>
> http://svn.apache.org/viewvc?view=revision&revision=1350561
>
> Could you supply a test-case that reproduces the problem?
>
> Colm.
>
> On Thu, Jun 14, 2012 at 2:36 PM, Sunil Bapat <[email protected]> wrote:
>
>> I am trying to call a web service which is secured by an
>> AsymmetricBinding with a holder-of-key (HOK) SAML assertion (the WSDL
>> is below). This web service is called from another web service, i.e.,
>> the client is another web service.
>>
>> When I make the call to the service from the client, the message is
>> not signed or encrypted, and the SAML assertion is not inserted into
>> the header. The outgoing message is a plain SOAP message without
>> security headers, signatures, or encryption.
>>
>> The client code and the corresponding configuration are below. Am I
>> missing something? Do I need to explicitly define the WSS4J
>> interceptors, instead of the code below? I assumed that because of the
>> policy defined, the interceptor would be automatically configured
>> based on the properties in the request context.
>>
>> Any ideas?
>>
>> ----------------------------
>> Client code:
>>
>> BindingProvider bindingProvider = (BindingProvider)helloWorldService;
>>
>> bindingProvider.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER,
>> new SAMLCallbackHandler(samlAssertionElement));
>>
>> bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
>> "clientkeystore.properties");
>>
>> bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
>> "client");
>>
>> bindingProvider.getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
>> "clienttruststore.properties");
>> bindingProvider.getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
>> "server");
>>
>> String result = helloWorldService.sayHello(username);
>>
>> ----------------------------
>> Client Config:
>>
>> <bean id="helloWorldServiceClient"
>>
>> class="com.test.services.helloworldservice.HelloWorldServicePortType"
>>         factory-bean="helloWorldServiceClientFactory"
>> factory-method="create">
>>   </bean>
>>
>>   <bean id="helloWorldServiceClientFactory"
>> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>>      <property name="serviceClass"
>>
>> value="com.test.services.helloworldservice.HelloWorldServicePortType"
>> />
>>      <property name="address"
>> value="http://localhost:8080/hok-helloworld-ws/HelloWorldService?wsdl";
>> />
>>      <property name="bus" ref="cxf" />
>>  </bean>
>>
>> ------------------------------
>> WSDL:
>>
>> <?xml version='1.0' encoding='UTF-8'?><wsdl:definitions
>> name="HelloWorldService"
>> targetNamespace="http://test.com/services/HelloWorldService";
>> xmlns:ns1="http://schemas.xmlsoap.org/soap/http";
>> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
>> xmlns:tns="http://test.com/services/HelloWorldService";
>> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
>> xmlns:wsp="http://www.w3.org/ns/ws-policy";
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
>>  <wsdl:types>
>> <xs:schema elementFormDefault="unqualified"
>> targetNamespace="http://test.com/services/HelloWorldService";
>> version="1.0" xmlns:tns="http://test.com/services/HelloWorldService";
>> xmlns:xs="http://www.w3.org/2001/XMLSchema";>
>> <xs:element name="sayHello" type="tns:sayHello"/>
>> <xs:element name="sayHelloResponse" type="tns:sayHelloResponse"/>
>> <xs:complexType name="sayHello">
>>    <xs:sequence>
>>      <xs:element minOccurs="0" name="userName" type="xs:string"/>
>>    </xs:sequence>
>>  </xs:complexType>
>> <xs:complexType name="sayHelloResponse">
>>    <xs:sequence>
>>      <xs:element minOccurs="0" name="return" type="xs:string"/>
>>    </xs:sequence>
>>  </xs:complexType>
>> </xs:schema>
>>  </wsdl:types>
>>  <wsdl:message name="sayHelloResponse">
>>    <wsdl:part element="tns:sayHelloResponse" name="parameters">
>>    </wsdl:part>
>>  </wsdl:message>
>>  <wsdl:message name="sayHello">
>>    <wsdl:part element="tns:sayHello" name="parameters">
>>    </wsdl:part>
>>  </wsdl:message>
>>  <wsdl:portType name="HelloWorldServicePortType">
>>    <wsdl:operation name="sayHello">
>>      <wsdl:input message="tns:sayHello" name="sayHello">
>>    </wsdl:input>
>>      <wsdl:output message="tns:sayHelloResponse" name="sayHelloResponse">
>>    </wsdl:output>
>>    </wsdl:operation>
>>  </wsdl:portType>
>>  <wsdl:binding name="HelloWorldServiceSoapBinding"
>> type="tns:HelloWorldServicePortType">
>>    <soap:binding style="document"
>> transport="http://schemas.xmlsoap.org/soap/http"/>
>>    <wsp:PolicyReference URI="#asymmetricSAMLPolicy"/>
>>    <wsdl:operation name="sayHello">
>>      <soap:operation soapAction="" style="document"/>
>>      <wsdl:input name="sayHello">
>>        <soap:body use="literal"/>
>>    <wsp:PolicyReference URI="#inputPolicy"/>
>>      </wsdl:input>
>>      <wsdl:output name="sayHelloResponse">
>>        <soap:body use="literal"/>
>>    <wsp:PolicyReference URI="#outputPolicy"/>
>>      </wsdl:output>
>>    </wsdl:operation>
>>  </wsdl:binding>
>>  <wsdl:service name="HelloWorldService">
>>    <wsdl:port binding="tns:HelloWorldServiceSoapBinding"
>> name="HelloWorldServicePort">
>>      <soap:address
>> location="http://localhost:8080/hok-helloworld-ws/HelloWorldService?wsdl
>> "/>
>>    </wsdl:port>
>>  </wsdl:service>
>>    <wsp:Policy wsu:Id="asymmetricSAMLPolicy"
>> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
>> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata";
>> xmlns:wsp="http://www.w3.org/ns/ws-policy";
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>>   <wsp:ExactlyOne>
>>      <wsp:All>
>>         <wsam:Addressing wsp:Optional="false"/>
>>         <sp:AsymmetricBinding>
>>            <wsp:Policy>
>>               <sp:InitiatorToken>
>>                  <wsp:Policy>
>>                     <sp:SamlToken
>> sp:IncludeToken="
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
>> ">
>>                        <wsp:Policy>
>>                           <sp:WssSamlV20Token11/>
>>                        </wsp:Policy>
>>                     </sp:SamlToken>
>>                  </wsp:Policy>
>>               </sp:InitiatorToken>
>>               <sp:RecipientToken>
>>                  <wsp:Policy>
>>                     <sp:X509Token
>> sp:IncludeToken="
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
>> ">
>>                        <wsp:Policy>
>>                           <sp:WssX509V3Token10/>
>>                           <sp:RequireIssuerSerialReference/>
>>                        </wsp:Policy>
>>                     </sp:X509Token>
>>                  </wsp:Policy>
>>               </sp:RecipientToken>
>>               <sp:Layout>
>>                  <wsp:Policy>
>>                     <sp:Strict/>
>>                  </wsp:Policy>
>>               </sp:Layout>
>>               <sp:IncludeTimestamp/>
>>               <sp:OnlySignEntireHeadersAndBody/>
>>               <sp:AlgorithmSuite>
>>                  <wsp:Policy>
>>                     <sp:Basic128/>
>>                  </wsp:Policy>
>>               </sp:AlgorithmSuite>
>>            </wsp:Policy>
>>         </sp:AsymmetricBinding>
>>         <sp:Wss10>
>>            <wsp:Policy>
>>               <sp:MustSupportRefIssuerSerial/>
>>            </wsp:Policy>
>>         </sp:Wss10>
>>      </wsp:All>
>>   </wsp:ExactlyOne>
>> </wsp:Policy>
>>    <wsp:Policy wsu:Id="inputPolicy"
>> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
>> xmlns:wsp="http://www.w3.org/ns/ws-policy";
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>>   <wsp:ExactlyOne>
>>      <wsp:All>
>>         <sp:EncryptedParts>
>>            <sp:Body/>
>>         </sp:EncryptedParts>
>>         <sp:SignedParts>
>>            <sp:Body/>
>>         </sp:SignedParts>
>>      </wsp:All>
>>   </wsp:ExactlyOne>
>> </wsp:Policy>
>>    <wsp:Policy wsu:Id="outputPolicy"
>> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
>> xmlns:wsp="http://www.w3.org/ns/ws-policy";
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>>   <wsp:ExactlyOne>
>>      <wsp:All>
>>         <sp:EncryptedParts>
>>            <sp:Body/>
>>         </sp:EncryptedParts>
>>         <sp:SignedParts>
>>            <sp:Body/>
>>         </sp:SignedParts>
>>      </wsp:All>
>>   </wsp:ExactlyOne>
>> </wsp:Policy>
>> </wsdl:definitions>
>> --------------------------------------------------------
>>
>> Thanks
>> Sunil.
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
