Would it perhaps be possible to configure the WSS4JOutInterceptor that it applies the security means (timestamp, signature, encryption) also in case of an outgoing Fault message? Then, the receiving client would get at the real exception from the SOAPFault and not the one from the CryptoCoverageChecker.
Thanks again, Dirk. -----Ursprüngliche Nachricht----- Von: Colm O hEigeartaigh [mailto:[email protected]] Gesendet: Dienstag, 9. April 2013 17:38 An: [email protected] Betreff: Re: CryptoCoverageChecker and SOAP Fault responses > I'll look at the custom AlgorithmSuites, but I am a bit sceptical: > what's the use of WS-SecurityPolicy, when using an unknown, unofficial > algorithm suite (identifier) that has to be communicated out of line the the web service clients anyway? (But thanks again, I am curious > anyway.) Well for one it gives you all of the standard validation that is done of a message against a policy, that you don't get with the "Action" based approach. It also gives you the ability not to have to hard-wire (e.g.) the Algorithm Suite you are using in the client, if the client can have access to the WSDL of the service via a registry or even WSDL publish. Colm. On Tue, Apr 9, 2013 at 4:03 PM, Lattermann, Dirk < [email protected]> wrote: > Hi Colm, > > thank you, I just logged Issue 4954. > > I'll look at the custom AlgorithmSuites, but I am a bit sceptical: > what's the use of WS-SecurityPolicy, when using an unknown, unofficial > algorithm suite (identifier) that has to be communicated out of line > the the web service clients anyway? (But thanks again, I am curious > anyway.) > > Dirk > > -----Ursprüngliche Nachricht----- > Von: Colm O hEigeartaigh [mailto:[email protected]] > Gesendet: Dienstag, 9. April 2013 14:46 > An: [email protected] > Betreff: Re: CryptoCoverageChecker and SOAP Fault responses > > Hi Dirk, > > It appears that this is not currently supported. Could you log a JIRA? > > Incidentally, custom AlgorithmSuites are supported in CXF using > WS-SecurityPolicy. See here for an example: > > > http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/j > ava/org/apache/cxf/systest/ws/gcm/ > > http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/r > esources/org/apache/cxf/systest/ws/gcm/ > > Colm. > > > On Tue, Apr 9, 2013 at 8:14 AM, Lattermann, Dirk < > [email protected]> wrote: > > > Hi, > > > > Using CXF 2.4.6 in JBoss EAP 6, I'm securing my web services with > > WS-Security (no WS-SecurityPolicy as the algorithm suite is not > > supported there). > > > > For this, I have configured WSS4JInInterceptors and > > WSS4JOutInterceptors on both client and server, and the setup works. > > > > To check if incoming messages are signed, encrypted, and with > > timestamp token, I also have configured a CryptoCoverageChecker on > > both client and server. Now I have the problem that I cannot obtain > > Fault answers from the server on the client any more because the > > CryptoCoverageChecker kicks in and I don't have a chance to access > > the > SOAPFaultException from the server. > > The server doesn't sign and encrypt Fault answers (which is ok, and > > this is the case also when using easy WS-SecurityPolicy configurations). > > > > How can I configure the CryptoCoverageChecker to only check regular > > (non-fault) web service responses? Or how can I configure CXF to > > only use a CryptoCoverageChecker on non-fault responses? (With > > WS-SecurityPolicy, this problem seems solved). > > > > Thank you, > > Dirk Lattermann > > -------------------------------------------------------- > > DATAGROUP BGS GmbH > > Dirk Lattermann > > > > > > Auf den Tongruben 3 > > D-53721 Siegburg > > Fon: +49 2241 166-531 > > Fax: +49 2241 166-680 > > E-Mail: [email protected] http://www.datagroup.de > > > > Sie finden uns auch auf: > > Facebook<https://www.facebook.com/#!/datagroupag/> | Xing< > > https://www.xing.com/companies/datagroupag/updates/> | Google+< > > https://plus.google.com/s/datagroup#112017044868465108697/posts> | > > LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu< > > http://www.kununu.com/de/all/de/it/datagroup/> > > > > Geschäftsführung: Hans-Hermann Schaber Amtsgericht Mainz, HRB 44217 > > > > DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert > > nach ISO 20000, der höchstmöglichen Auszeichnung für professionelles > > IT Service Management. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -------------------------------------------------------- > DATAGROUP BGS GmbH > Dirk Lattermann > > > Auf den Tongruben 3 > D-53721 Siegburg > Fon: +49 2241 166-531 > Fax: +49 2241 166-680 > E-Mail: [email protected] > http://www.datagroup.de > > Sie finden uns auch auf: > Facebook<https://www.facebook.com/#!/datagroupag/> | Xing< > https://www.xing.com/companies/datagroupag/updates/> | Google+< > https://plus.google.com/s/datagroup#112017044868465108697/posts> | > LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu< > http://www.kununu.com/de/all/de/it/datagroup/> > > Geschäftsführung: Hans-Hermann Schaber Amtsgericht Mainz, HRB 44217 > > DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert > nach ISO 20000, der höchstmöglichen Auszeichnung für professionelles > IT Service Management. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com -------------------------------------------------------- DATAGROUP BGS GmbH Dirk Lattermann Auf den Tongruben 3 D-53721 Siegburg Fon: +49 2241 166-531 Fax: +49 2241 166-680 E-Mail: [email protected] http://www.datagroup.de Sie finden uns auch auf: Facebook<https://www.facebook.com/#!/datagroupag/> | Xing<https://www.xing.com/companies/datagroupag/updates/> | Google+<https://plus.google.com/s/datagroup#112017044868465108697/posts> | LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu<http://www.kununu.com/de/all/de/it/datagroup/> Geschäftsführung: Hans-Hermann Schaber Amtsgericht Mainz, HRB 44217 DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert nach ISO 20000, der höchstmöglichen Auszeichnung für professionelles IT Service Management.
