I added a test-case for this scenario as well:

http://svn.apache.org/viewvc?view=revision&revision=1351280

Colm.

On Fri, Jun 15, 2012 at 1:18 PM, Sunil Bapat <[email protected]> wrote:

> Could it be because I am invoking the client from a web service method
> of a different service that is not secured? The client to this web
> service is another web service.
>
> Thanks
> Sunil.
>
>
> On Fri, Jun 15, 2012 at 6:24 AM, Colm O hEigeartaigh
> <[email protected]> wrote:
> > I don't see anything obviously wrong with your config. I added a test that
> > uses WS-SecurityPolicy to CXF based on your test-case and it works as
> > expected:
> >
> > http://svn.apache.org/viewvc?view=revision&revision=1350561
> >
> > Could you supply a test-case that reproduces the problem?
> >
> > Colm.
> >
> > On Thu, Jun 14, 2012 at 2:36 PM, Sunil Bapat <[email protected]> wrote:
> >
> >> I am trying to call a web service which is secured by
> >> AsymmetricBinding with HOK SAML assertion (wsdl is below). This web
> >> service is called from another web service, i.e., the client is
> >> another web service.
> >>
> >> When I make the call to the service from the client, the message is
> >> not signed or encrypted, and the saml assertion is not inserted into
> >> the header. The SOAP message is a plain soap message without security
> >> headers or signatures or encryption.
> >>
> >> The client code and the corresponding configuration is below. Am I
> >> missing something? Do I need to explicitly define the wss4j
> >> interceptors, instead of the code below? I assumed that because of the
> >> policy defined, the interceptor would be automatically configured
> >> based on the properties in the request context.
> >>
> >> Any ideas?
> >>
> >> ----------------------------
> >> Client code:
> >>
> >> BindingProvider bindingProvider = (BindingProvider)helloWorldService;
> >>
> >> bindingProvider.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER,
> >>     new SAMLCallbackHandler(samlAssertionElement));
> >>
> >> bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
> >>     "clientkeystore.properties");
> >>
> >> bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
> >>     "client");
> >>
> >> bindingProvider.getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
> >>     "clienttruststore.properties");
> >>
> >> bindingProvider.getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
> >>     "server");
> >>
> >> String result = helloWorldService.sayHello(username);
> >>
> >> ----------------------------
> >> Client Config:
> >>
> >> <bean id="helloWorldServiceClient"
> >>       class="com.test.services.helloworldservice.HelloWorldServicePortType"
> >>       factory-bean="helloWorldServiceClientFactory"
> >>       factory-method="create">
> >> </bean>
> >>
> >> <bean id="helloWorldServiceClientFactory"
> >>       class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
> >>   <property name="serviceClass"
> >>             value="com.test.services.helloworldservice.HelloWorldServicePortType" />
> >>   <property name="address"
> >>             value="http://localhost:8080/hok-helloworld-ws/HelloWorldService?wsdl" />
> >>   <property name="bus" ref="cxf" />
> >> </bean>
> >>
> >> ------------------------------
> >> WSDL:
> >>
> >> <?xml version='1.0' encoding='UTF-8'?>
> >> <wsdl:definitions name="HelloWorldService"
> >>     targetNamespace="http://test.com/services/HelloWorldService"
> >>     xmlns:ns1="http://schemas.xmlsoap.org/soap/http"
> >>     xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> >>     xmlns:tns="http://test.com/services/HelloWorldService"
> >>     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
> >>     xmlns:wsp="http://www.w3.org/ns/ws-policy"
> >>     xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> >>  <wsdl:types>
> >> <xs:schema elementFormDefault="unqualified"
> >>     targetNamespace="http://test.com/services/HelloWorldService"
> >>     version="1.0" xmlns:tns="http://test.com/services/HelloWorldService"
> >>     xmlns:xs="http://www.w3.org/2001/XMLSchema">
> >> <xs:element name="sayHello" type="tns:sayHello"/>
> >> <xs:element name="sayHelloResponse" type="tns:sayHelloResponse"/>
> >> <xs:complexType name="sayHello">
> >>    <xs:sequence>
> >>      <xs:element minOccurs="0" name="userName" type="xs:string"/>
> >>    </xs:sequence>
> >>  </xs:complexType>
> >> <xs:complexType name="sayHelloResponse">
> >>    <xs:sequence>
> >>      <xs:element minOccurs="0" name="return" type="xs:string"/>
> >>    </xs:sequence>
> >>  </xs:complexType>
> >> </xs:schema>
> >>  </wsdl:types>
> >>  <wsdl:message name="sayHelloResponse">
> >>    <wsdl:part element="tns:sayHelloResponse" name="parameters">
> >>    </wsdl:part>
> >>  </wsdl:message>
> >>  <wsdl:message name="sayHello">
> >>    <wsdl:part element="tns:sayHello" name="parameters">
> >>    </wsdl:part>
> >>  </wsdl:message>
> >>  <wsdl:portType name="HelloWorldServicePortType">
> >>    <wsdl:operation name="sayHello">
> >>      <wsdl:input message="tns:sayHello" name="sayHello">
> >>    </wsdl:input>
> >>      <wsdl:output message="tns:sayHelloResponse" name="sayHelloResponse">
> >>    </wsdl:output>
> >>    </wsdl:operation>
> >>  </wsdl:portType>
> >>  <wsdl:binding name="HelloWorldServiceSoapBinding"
> >> type="tns:HelloWorldServicePortType">
> >>    <soap:binding style="document"
> >> transport="http://schemas.xmlsoap.org/soap/http"/>
> >>    <wsp:PolicyReference URI="#asymmetricSAMLPolicy"/>
> >>    <wsdl:operation name="sayHello">
> >>      <soap:operation soapAction="" style="document"/>
> >>      <wsdl:input name="sayHello">
> >>        <soap:body use="literal"/>
> >>    <wsp:PolicyReference URI="#inputPolicy"/>
> >>      </wsdl:input>
> >>      <wsdl:output name="sayHelloResponse">
> >>        <soap:body use="literal"/>
> >>    <wsp:PolicyReference URI="#outputPolicy"/>
> >>      </wsdl:output>
> >>    </wsdl:operation>
> >>  </wsdl:binding>
> >>  <wsdl:service name="HelloWorldService">
> >>    <wsdl:port binding="tns:HelloWorldServiceSoapBinding"
> >> name="HelloWorldServicePort">
> >>      <soap:address
> >> location="http://localhost:8080/hok-helloworld-ws/HelloWorldService?wsdl"/>
> >>    </wsdl:port>
> >>  </wsdl:service>
> >>    <wsp:Policy wsu:Id="asymmetricSAMLPolicy"
> >>        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> >>        xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> >>        xmlns:wsp="http://www.w3.org/ns/ws-policy"
> >>        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >>   <wsp:ExactlyOne>
> >>      <wsp:All>
> >>         <wsam:Addressing wsp:Optional="false"/>
> >>         <sp:AsymmetricBinding>
> >>            <wsp:Policy>
> >>               <sp:InitiatorToken>
> >>                  <wsp:Policy>
> >>                     <sp:SamlToken
> >> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >>                        <wsp:Policy>
> >>                           <sp:WssSamlV20Token11/>
> >>                        </wsp:Policy>
> >>                     </sp:SamlToken>
> >>                  </wsp:Policy>
> >>               </sp:InitiatorToken>
> >>               <sp:RecipientToken>
> >>                  <wsp:Policy>
> >>                     <sp:X509Token
> >> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> >>                        <wsp:Policy>
> >>                           <sp:WssX509V3Token10/>
> >>                           <sp:RequireIssuerSerialReference/>
> >>                        </wsp:Policy>
> >>                     </sp:X509Token>
> >>                  </wsp:Policy>
> >>               </sp:RecipientToken>
> >>               <sp:Layout>
> >>                  <wsp:Policy>
> >>                     <sp:Strict/>
> >>                  </wsp:Policy>
> >>               </sp:Layout>
> >>               <sp:IncludeTimestamp/>
> >>               <sp:OnlySignEntireHeadersAndBody/>
> >>               <sp:AlgorithmSuite>
> >>                  <wsp:Policy>
> >>                     <sp:Basic128/>
> >>                  </wsp:Policy>
> >>               </sp:AlgorithmSuite>
> >>            </wsp:Policy>
> >>         </sp:AsymmetricBinding>
> >>         <sp:Wss10>
> >>            <wsp:Policy>
> >>               <sp:MustSupportRefIssuerSerial/>
> >>            </wsp:Policy>
> >>         </sp:Wss10>
> >>      </wsp:All>
> >>   </wsp:ExactlyOne>
> >> </wsp:Policy>
> >>    <wsp:Policy wsu:Id="inputPolicy"
> >>        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> >>        xmlns:wsp="http://www.w3.org/ns/ws-policy"
> >>        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >>   <wsp:ExactlyOne>
> >>      <wsp:All>
> >>         <sp:EncryptedParts>
> >>            <sp:Body/>
> >>         </sp:EncryptedParts>
> >>         <sp:SignedParts>
> >>            <sp:Body/>
> >>         </sp:SignedParts>
> >>      </wsp:All>
> >>   </wsp:ExactlyOne>
> >> </wsp:Policy>
> >>    <wsp:Policy wsu:Id="outputPolicy"
> >>        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> >>        xmlns:wsp="http://www.w3.org/ns/ws-policy"
> >>        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >>   <wsp:ExactlyOne>
> >>      <wsp:All>
> >>         <sp:EncryptedParts>
> >>            <sp:Body/>
> >>         </sp:EncryptedParts>
> >>         <sp:SignedParts>
> >>            <sp:Body/>
> >>         </sp:SignedParts>
> >>      </wsp:All>
> >>   </wsp:ExactlyOne>
> >> </wsp:Policy>
> >> </wsdl:definitions>
> >> --------------------------------------------------------
> >>
> >> Thanks
> >> Sunil.
> >>
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
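
Added example, not part of the original thread and not CXF code: a structural check of a captured outbound SOAP message against what the policy in the quoted WSDL requires (Timestamp, SAML 2.0 assertion, signed Body, encrypted Body). The function name and the three sample envelopes are constructed for illustration; the check looks at element presence and signature references only, not cryptographic validity.

```python
import xml.etree.ElementTree as ET

NS = {  # standard SOAP 1.1 / WS-Security / XML-DSig / XML-Enc / SAML 2.0 namespaces
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def missing_protections(envelope_xml):
    """List what the thread's policy requires but the captured message lacks."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    if sec is None or body is None:
        return ["wsse:Security header" if sec is None else "soap:Body"]
    missing = []
    for path, label in (("wsu:Timestamp", "sp:IncludeTimestamp"),
                        ("saml2:Assertion", "sp:SamlToken (SAML 2.0 assertion)")):
        if sec.find(path, NS) is None:
            missing.append(label)
    # sp:SignedParts/sp:Body: some ds:Reference must point at the Body's wsu:Id
    body_id = body.get("{%s}Id" % NS["wsu"])
    refs = {r.get("URI") for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    if body_id is None or "#" + body_id not in refs:
        missing.append("sp:SignedParts Body")
    # sp:EncryptedParts/sp:Body: the Body may only carry xenc:EncryptedData
    children = list(body)
    if not children or any(c.tag != "{%s}EncryptedData" % NS["xenc"] for c in children):
        missing.append("sp:EncryptedParts Body")
    return missing

# Constructed samples: element skeletons only, no real keys, digests or ciphertext.
_XMLNS = "".join(' xmlns:%s="%s"' % kv for kv in NS.items())
PLAIN = ('<soap:Envelope%s><soap:Body><sayHello><userName>alice</userName>'
         '</sayHello></soap:Body></soap:Envelope>' % _XMLNS)
SECURED = ('<soap:Envelope%s><soap:Header><wsse:Security><wsu:Timestamp/><saml2:Assertion/>'
           '<ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>'
           '</ds:Signature></wsse:Security></soap:Header>'
           '<soap:Body wsu:Id="body-1"><xenc:EncryptedData/></soap:Body></soap:Envelope>' % _XMLNS)
# Header present, but the signature covers a different element and the Body is plaintext.
PARTIAL = SECURED.replace("#body-1", "#ts-1").replace("<xenc:EncryptedData/>", "<sayHello/>")

if __name__ == "__main__":
    for name, xml in (("PLAIN", PLAIN), ("SECURED", SECURED), ("PARTIAL", PARTIAL)):
        print(name, missing_protections(xml) or "ok")
```

PLAIN models the symptom reported in the thread: a SOAP message with no security header at all.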
