Hi,
I hoped the info below would be enough. Here the cxf client config and code of
usage.
Spring config: I have 3 cxf spring config files, listed below:
A) cxf-general.xml that includes the B) cxf-client.xml and C) cxf-tls.xml
I hope you can see the cause of this error (see subject mail). If more
config/code is needed, please let me know.
Code usage:
------------------
private final DeliveryService digiDelivery; // injected by Spring,
contained in client spring config below.
private Response deliver(final Request request) {
return this.digiDelivery.deliver(request);
}
// The class DeliveryService is generated:
@WebService(targetNamespace = "http://Bla/1.2/";, name = "DeliveryService")
@XmlSeeAlso({ObjectFactory.class })
@SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.BARE)
public interface DeliveryService {
@WebResult(name = "response", targetNamespace = "http://Bla/1.2/";,
partName = "response")
@Action(output = "http://Bka/1.2/DeliveryService/deliveryResponse";,
fault = { @FaultAction(className = DeliveryServiceFault.class, value =
"http://Bla/1.2/DeliveryService/delivery/Fault/";) })
@WebMethod(action = "http://Bla/1.2/DeliveryService/Request";)
public Response aanleveren(@WebParam(partName = "request", name =
"request", targetNamespace = "http://Bla/services/1.2/";) Request request)
throws AanleverServiceFault;
}
------------------
A) CXF-general.xml:
------------------
<import resource="cxf-tls.xml" />
<import resource="cxf-client.xml" />
<!-- General CXF config:
1) http://cxf.apache.org/docs/configuration.html
-->
<cxf:bus>
<cxf:features>
<cxf:logging/>
<policy:policies/>
<!-- WS-addressing required, see 2) -->
<wsa:addressing/> <!-- see:
http://en.wikipedia.org/wiki/WS-Addressing -->
</cxf:features>
</cxf:bus>
------------------
B) CXF-tls.xml:
----------------------
<http:conduit name="{http://bla/1.2/}AanleverService_V1_2Port.http-conduit";>
<http:tlsClientParameters>
<!-- "keyPassword" is the password to access/retrieve
the private key in the key store it self -->
<sec:keyManagers
keyPassword="${tls.keystore.private.key.pwd}" >
<!-- The keystore that contains our private key to
encrypt send data (1 key only) -->
<sec:keyStore
resource="${tls.keystore.private}" password="${tls.keystore.private.pwd}" />
</sec:keyManagers>
<sec:trustManagers>
<!-- This list of certificates that is used to decide
whether or not to trust certificates -->
<sec:keyStore
resource="${tls.keystore.trusted}" password="${tls.keystore.trusted.pwd}"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
----------------------
C) CXF client spring config (don't own the server side):
----------------------
<jaxws:client id="digiDelivery" serviceClass="DeliverService"
address="${ deliver.url}">
<jaxws:inInterceptors>
<ref bean="SigningInterceptorIn"/>
<ref bean="wsaSignaturePartsInterceptor"/>
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<ref bean="SigningInterceptorOut"/>
<ref bean="wsaSignaturePartsInterceptor"/>
</jaxws:outInterceptors>
<jaxws:properties>
<entry key="mtom-enabled" value="true"/>
<entry key="signatureParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
</jaxws:properties>
<!--Tried this, but had no effect: jaxws:binding>
<soap:soapBinding version="1.1"/>
</jaxws:binding-->
</jaxws:client>
<!-- It will dynamically set the WSA signing parts if required,
depending if they contain any value.
See the class for details -->
<bean id="wsaSignaturePartsInterceptor"
class="DynamicWsaSignaturePartsInterceptor"/>
<!-- Required to Sign an outgoing message. -->
<bean id="SigningInterceptorOut"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Timestamp Signature"/>
<entry key="timeToLive" value="300" />
<entry key="user"
value="${deliver.keystore.private.sign.key.alias}"/>
<!-- Used to retrieve the passwords of an alias. -->
<entry key="passwordCallbackRef" value-ref="pwCallback"/>
<!-- Required to send the signature certificate a long with
the message -->
<entry key="signatureKeyIdentifier" value="DirectReference" />
<!-- A reference to the Crypto security
properties -->
<entry key="signaturePropRefId" value="cryptoProperties"/>
<entry key="cryptoProperties" value-ref="cryptoProperties"/>
</map>
</constructor-arg>
</bean>
<!-- Required to validate an incoming signed message. -->
<bean id="SigningInterceptorIn"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Timestamp Signature"/>
<entry key="signaturePropRefId" value="cryptoProperties"/>
<entry key="cryptoProperties" value-ref="cryptoProperties"/>
</map>
</constructor-arg>
</bean>
<!-- A callback that returns the keystore password of an alias. -->
<bean id="pwCallback" class="ClientKeystorePasswordCallback">
<property name="passwords">
<util:map key-type="java.lang.String"
value-type="java.lang.String">
<entry key="${deliver.keystore.private.sign.key.alias}"
value="${deliver.keystore.private.sign.key.pwd}"/>
</util:map>
</property>
</bean>
<!-- Ref:
1) http://ws.apache.org/wss4j/config.html
2) https://sites.google.com/site/ddmwsst/ws-security-impl -->
<util:properties id="cryptoProperties">
<!-- The private keystore info to sign the message -->
<prop
key="org.apache.ws.security.crypto.merlin.keystore.file">${deliver.keystore.private}</prop>
<prop
key="org.apache.ws.security.crypto.merlin.keystore.password">${deliver.keystore.private.pwd}</prop>
<!-- The trusted keystore info for unsigning received messages -->
<prop
key="org.apache.ws.security.crypto.merlin.truststore.file">${deliver.keystore.trusted}</prop>
<prop
key="org.apache.ws.security.crypto.merlin.truststore.password">${deliver.keystore.trusted.pwd}</prop>
</util:properties>
----------------------
> -----Original Message-----
> From: Freeman Fang [mailto:[email protected]]
> Sent: woensdag 8 mei 2013 5:00
> To: [email protected]
> Subject: Re: A SOAP 1.2 message is not valid when sent to a SOAP 1.1
> only endpoint
>
> Hi,
>
> You need append your client side configuration and code so that we can
> take a look
> -------------
> Freeman(Yue) Fang
>
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Web: http://fusesource.com | http://www.redhat.com/
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: @Freeman??
>
> On 2013-5-8, at ??2:20, Ed Bras wrote:
>
> > Hi All,
> > I don't know what I changed anymore :(... But I have ended up with
> > this exception which I don't seem to solve:
> > ---
> > Caused by: javax.xml.ws.soap.SOAPFaultException: A SOAP 1.2 message
> is
> > not valid when sent to a SOAP 1.1 only endpoint.
> > ---
> >
> > I am using CXF 2.7.4 and have the classes generated from the wsdl. I
> > am using the MTOM and WSS4JOutInterceptor for signing outgoing
> messages.
> >
> > The wsdl contains things like:
> > ----
> > <wsdl:definitions ... xmlns:soap11="http ... > <soap11:binding
> > <soap11:operation soap11:address
> > ----
> >
> > So that all sound like soap 1.1, but somehow soap 1.2 is being used
> in
> > the client for the created message. I have added this in my jaxws
> > client config, but it had no effect.
> > ----
> > <jaxws:binding>
> > <soap:soapBinding version="1.1"/> </jaxws:binding>
> > ----
> >
> > Why does CXF try to use soap 1.2 at all?
> >
> > Please some advice on how to solve this?
> > - Ed
> >
