Have you tried adding it to the outbound fault interceptor chain? Colm.
On Mon, Apr 15, 2013 at 3:46 PM, Lattermann, Dirk < [email protected]> wrote: > Would it perhaps be possible to configure the WSS4JOutInterceptor that it > applies the security means (timestamp, signature, encryption) also in case > of an outgoing Fault message? > Then, the receiving client would get at the real exception from the > SOAPFault and not the one from the CryptoCoverageChecker. > > Thanks again, > Dirk. > > -----Ursprüngliche Nachricht----- > Von: Colm O hEigeartaigh [mailto:[email protected]] > Gesendet: Dienstag, 9. April 2013 17:38 > An: [email protected] > Betreff: Re: CryptoCoverageChecker and SOAP Fault responses > > > I'll look at the custom AlgorithmSuites, but I am a bit sceptical: > > what's > the use of WS-SecurityPolicy, when using an unknown, unofficial > > algorithm suite (identifier) that has to be communicated out of line the > the web service clients anyway? (But thanks again, I am curious > anyway.) > > Well for one it gives you all of the standard validation that is done of a > message against a policy, that you don't get with the "Action" based > approach. It also gives you the ability not to have to hard-wire (e.g.) the > Algorithm Suite you are using in the client, if the client can have access > to the WSDL of the service via a registry or even WSDL publish. > > Colm. > > > On Tue, Apr 9, 2013 at 4:03 PM, Lattermann, Dirk < > [email protected]> wrote: > > > Hi Colm, > > > > thank you, I just logged Issue 4954. > > > > I'll look at the custom AlgorithmSuites, but I am a bit sceptical: > > what's the use of WS-SecurityPolicy, when using an unknown, unofficial > > algorithm suite (identifier) that has to be communicated out of line > > the the web service clients anyway? (But thanks again, I am curious > > anyway.) > > > > Dirk > > > > -----Ursprüngliche Nachricht----- > > Von: Colm O hEigeartaigh [mailto:[email protected]] > > Gesendet: Dienstag, 9. April 2013 14:46 > > An: [email protected] > > Betreff: Re: CryptoCoverageChecker and SOAP Fault responses > > > > Hi Dirk, > > > > It appears that this is not currently supported. Could you log a JIRA? > > > > Incidentally, custom AlgorithmSuites are supported in CXF using > > WS-SecurityPolicy. See here for an example: > > > > > > http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/j > > ava/org/apache/cxf/systest/ws/gcm/ > > > > http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/r > > esources/org/apache/cxf/systest/ws/gcm/ > > > > Colm. > > > > > > On Tue, Apr 9, 2013 at 8:14 AM, Lattermann, Dirk < > > [email protected]> wrote: > > > > > Hi, > > > > > > Using CXF 2.4.6 in JBoss EAP 6, I'm securing my web services with > > > WS-Security (no WS-SecurityPolicy as the algorithm suite is not > > > supported there). > > > > > > For this, I have configured WSS4JInInterceptors and > > > WSS4JOutInterceptors on both client and server, and the setup works. > > > > > > To check if incoming messages are signed, encrypted, and with > > > timestamp token, I also have configured a CryptoCoverageChecker on > > > both client and server. Now I have the problem that I cannot obtain > > > Fault answers from the server on the client any more because the > > > CryptoCoverageChecker kicks in and I don't have a chance to access > > > the > > SOAPFaultException from the server. > > > The server doesn't sign and encrypt Fault answers (which is ok, and > > > this is the case also when using easy WS-SecurityPolicy > configurations). > > > > > > How can I configure the CryptoCoverageChecker to only check regular > > > (non-fault) web service responses? Or how can I configure CXF to > > > only use a CryptoCoverageChecker on non-fault responses? (With > > > WS-SecurityPolicy, this problem seems solved). > > > > > > Thank you, > > > Dirk Lattermann > > > -------------------------------------------------------- > > > DATAGROUP BGS GmbH > > > Dirk Lattermann > > > > > > > > > Auf den Tongruben 3 > > > D-53721 Siegburg > > > Fon: +49 2241 166-531 > > > Fax: +49 2241 166-680 > > > E-Mail: [email protected] http://www.datagroup.de > > > > > > Sie finden uns auch auf: > > > Facebook<https://www.facebook.com/#!/datagroupag/> | Xing< > > > https://www.xing.com/companies/datagroupag/updates/> | Google+< > > > https://plus.google.com/s/datagroup#112017044868465108697/posts> | > > > LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu< > > > http://www.kununu.com/de/all/de/it/datagroup/> > > > > > > Geschäftsführung: Hans-Hermann Schaber Amtsgericht Mainz, HRB 44217 > > > > > > DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert > > > nach ISO 20000, der höchstmöglichen Auszeichnung für professionelles > > > IT Service Management. > > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > -------------------------------------------------------- > > DATAGROUP BGS GmbH > > Dirk Lattermann > > > > > > Auf den Tongruben 3 > > D-53721 Siegburg > > Fon: +49 2241 166-531 > > Fax: +49 2241 166-680 > > E-Mail: [email protected] > > http://www.datagroup.de > > > > Sie finden uns auch auf: > > Facebook<https://www.facebook.com/#!/datagroupag/> | Xing< > > https://www.xing.com/companies/datagroupag/updates/> | Google+< > > https://plus.google.com/s/datagroup#112017044868465108697/posts> | > > LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu< > > http://www.kununu.com/de/all/de/it/datagroup/> > > > > Geschäftsführung: Hans-Hermann Schaber Amtsgericht Mainz, HRB 44217 > > > > DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert > > nach ISO 20000, der höchstmöglichen Auszeichnung für professionelles > > IT Service Management. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -------------------------------------------------------- > DATAGROUP BGS GmbH > Dirk Lattermann > > > Auf den Tongruben 3 > D-53721 Siegburg > Fon: +49 2241 166-531 > Fax: +49 2241 166-680 > E-Mail: [email protected] > http://www.datagroup.de > > Sie finden uns auch auf: > Facebook<https://www.facebook.com/#!/datagroupag/> | Xing< > https://www.xing.com/companies/datagroupag/updates/> | Google+< > https://plus.google.com/s/datagroup#112017044868465108697/posts> | > LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu< > http://www.kununu.com/de/all/de/it/datagroup/> > > Geschäftsführung: Hans-Hermann Schaber > Amtsgericht Mainz, HRB 44217 > > DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert nach > ISO 20000, der höchstmöglichen Auszeichnung für professionelles IT Service > Management. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
