Hi,

This is a fairly standard WS-Security use-case where you are signing the
SOAP Body via an included BinarySecurityToken (incidentally you should also
be signing the Timestamp). What you want is an AsymmetricBinding policy
that only contains an "InitiatorToken".

The best place to start is to look at the WS-Security examples.

WSDL:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl?view=markup

Test code:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java?view=markup

Client configuration:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml?view=markup

Colm.


On Wed, Aug 22, 2012 at 1:14 PM, Jaroslav Půbal <[email protected]> wrote:

> Hello,
>
> I need to call a .NET server from a CXF Java client.
>
> The .NET web service uses WSS with a certificate.
>
> I have a valid certificate, but I don't know how to configure CXF to get it
> to work.
>
> The request header must look like this:
>
> <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/"
>     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <SOAP:Header>
>     <wsa:Action>http://xxx/xxx/proceed2</wsa:Action>
>     <wsa:MessageID>uuid:0850345f-4462-44ec-ba79-322a01cf2e3b</wsa:MessageID>
>     <wsa:To>http://xxx/xxx/</wsa:To>
>     <wsse:Security SOAP:mustUnderstand="1">
>       <wsu:Timestamp wsu:Id="Timestamp-6650292b-e070-4234-961c-becfb5c54d58">
>         <wsu:Created>2008-09-17T09:59:18Z</wsu:Created>
>       </wsu:Timestamp>
>       <wsse:BinarySecurityToken
>           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>           wsu:Id="SecurityToken-439239a1-158e-40a2-b969-012afa36e061">.pYYjs=</wsse:BinarySecurityToken>
>       <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>         <SignedInfo>
>           <ds:CanonicalizationMethod
>               Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>               xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>           <SignatureMethod
>               Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>           <Reference URI="#Id-1baa4d05-a59a-4b53-afc3-166cb8cfac10">
>             <Transforms>
>               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>             </Transforms>
>             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>             <DigestValue>vXCPk+2yjstl9FhZlPq+lW+bbfg=</DigestValue>
>           </Reference>
>         </SignedInfo>
>         <SignatureValue>.YQGsAtCQ=</SignatureValue>
>         <KeyInfo>
>           <wsse:SecurityTokenReference>
>             <wsse:Reference
>                 URI="#SecurityToken-439239a1-158e-40a2-b969-012afa36e061"
>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
>           </wsse:SecurityTokenReference>
>         </KeyInfo>
>       </Signature>
>     </wsse:Security>
>   </SOAP:Header>
>   <SOAP:Body wsu:Id="Id-1baa4d05-a59a-4b53-afc3-166cb8cfac10">...</SOAP:Body>
> </SOAP:Envelope>
>
> Any help will be appreciated!
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
