Hi,

What's the DynamicWsaSignaturePartsInterceptor like?

Also, could you please append the client code where you send out the request?

Btw, now MTOM + WS-Security does not work together in CXF; please remove
<entry key="mtom-enabled" value="true"/> from your configuration to see if it
helps.
-------------
Freeman(Yue) Fang

Red Hat, Inc. 
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: @Freeman小屋

On 2013-5-9, at 3:15 PM, Ed Bras wrote:

> Hi,
> I hoped the info below would be enough. Here is the cxf client config and code
> of usage.
> Spring config: I have 3 cxf spring config files, listed below:
> A) cxf-general.xml that includes the B) cxf-client.xml and C) cxf-tls.xml
> 
> I hope you can see the cause of this error (see subject mail). If more 
> config/code is needed, please let me know.
> 
> 
> Code usage:
> ------------------
>       // Injected by Spring, contained in client spring config below.
>       private final DeliveryService digiDelivery;
>       private Response deliver(final Request request) {
>               return this.digiDelivery.deliver(request);
>       }
> 
> // The class DeliveryService is generated:
> 
> @WebService(targetNamespace = "http://Bla/1.2/", name = "DeliveryService")
> @XmlSeeAlso({ObjectFactory.class })
> @SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.BARE)
> public interface DeliveryService {
> 
>       @WebResult(name = "response", targetNamespace = "http://Bla/1.2/", partName = "response")
>       @Action(output = "http://Bka/1.2/DeliveryService/deliveryResponse",
>               fault = { @FaultAction(className = DeliveryServiceFault.class,
>                       value = "http://Bla/1.2/DeliveryService/delivery/Fault/") })
>       @WebMethod(action = "http://Bla/1.2/DeliveryService/Request")
>       public Response aanleveren(
>               @WebParam(partName = "request", name = "request",
>                       targetNamespace = "http://Bla/services/1.2/") Request request)
>               throws AanleverServiceFault;
> }
> ------------------
> 
> 
> 
> A) CXF-general.xml:
> ------------------
>       <import resource="cxf-tls.xml" />
>       <import resource="cxf-client.xml" />
> 
>       <!-- General CXF config:
>               1) http://cxf.apache.org/docs/configuration.html
>       -->
>     <cxf:bus>
>        <cxf:features>
>            <cxf:logging/>
> 
>            <policy:policies/>
> 
>            <!-- WS-addressing required, see 2) -->
>            <wsa:addressing/> <!-- see: 
> http://en.wikipedia.org/wiki/WS-Addressing -->
>        </cxf:features>
>    </cxf:bus>
> ------------------
> 
> 
> 
> B) CXF-tls.xml:
> ----------------------
>    <http:conduit name="{http://bla/1.2/}AanleverService_V1_2Port.http-conduit">
>               <http:tlsClientParameters>
>                       
>                       <!-- "keyPassword" is the password to access/retrieve the private key in the key store itself -->
>                       <sec:keyManagers 
> keyPassword="${tls.keystore.private.key.pwd}" > 
>                       <!-- The keystore that contains our private key to 
> encrypt send data (1 key only) -->
>                               <sec:keyStore 
> resource="${tls.keystore.private}" password="${tls.keystore.private.pwd}" /> 
>                       </sec:keyManagers>
>                       
>                       <sec:trustManagers> 
>                       <!-- This list of certificates that is used to decide 
> whether or not to trust certificates -->
>                               <sec:keyStore 
> resource="${tls.keystore.trusted}" password="${tls.keystore.trusted.pwd}"/>
>                       </sec:trustManagers>
>                       
>                       <sec:cipherSuitesFilter>
>                               <sec:include>.*_EXPORT_.*</sec:include>
>                               <sec:include>.*_EXPORT1024_.*</sec:include>
>                               <sec:include>.*_WITH_DES_.*</sec:include>
>                               <sec:include>.*_WITH_AES_.*</sec:include>
>                               <sec:include>.*_WITH_NULL_.*</sec:include>
>                               <sec:exclude>.*_DH_anon_.*</sec:exclude>
>                       </sec:cipherSuitesFilter>
>               </http:tlsClientParameters>
>    </http:conduit>
> ----------------------
> 
> 
> 
> C) CXF client spring config (don't own the server side):
> ----------------------
>        <jaxws:client id="digiDelivery" serviceClass="DeliverService" 
> address="${ deliver.url}">
>        <jaxws:inInterceptors> 
>            <ref bean="SigningInterceptorIn"/>
>            <ref bean="wsaSignaturePartsInterceptor"/>
>        </jaxws:inInterceptors>
> 
>        <jaxws:outInterceptors>
>            <ref bean="SigningInterceptorOut"/>
>                       <ref bean="wsaSignaturePartsInterceptor"/>
>        </jaxws:outInterceptors>
> 
>        <jaxws:properties>
>               <entry key="mtom-enabled" value="true"/> 
>          <entry key="signatureParts" 
> value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
>                                               
> {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>        </jaxws:properties>
> 
>        <!--Tried this, but had no effect: jaxws:binding>
>                 <soap:soapBinding version="1.1"/> 
>                   </jaxws:binding-->
>    </jaxws:client>
> 
>       <!-- It will dynamically set the WSA signing parts if required, 
> depending if they contain any value. 
>  See the class for details -->
>       <bean id="wsaSignaturePartsInterceptor" 
> class="DynamicWsaSignaturePartsInterceptor"/>
>    <!-- Required to Sign an outgoing message.  -->  
>    <bean id="SigningInterceptorOut" 
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>        <constructor-arg>
>            <map>
>                <entry key="action" value="Timestamp Signature"/>
>                <entry key="timeToLive" value="300" /> 
>                <entry key="user" 
> value="${deliver.keystore.private.sign.key.alias}"/>
> 
>                <!-- Used to retrieve the passwords of an alias. -->
>                <entry key="passwordCallbackRef" value-ref="pwCallback"/> 
> 
>                 <!-- Required to send the signature certificate along with the message -->
>                <entry key="signatureKeyIdentifier" value="DirectReference" />
> 
>                                       <!-- A reference to the Crypto security 
> properties -->                
>                <entry key="signaturePropRefId" value="cryptoProperties"/>
>                <entry key="cryptoProperties" value-ref="cryptoProperties"/>
>            </map>
>        </constructor-arg>
>    </bean>
> 
>    <!-- Required to validate an incoming signed message. -->  
>    <bean id="SigningInterceptorIn" 
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>        <constructor-arg>
>            <map>
>                <entry key="action" value="Timestamp Signature"/>
>                <entry key="signaturePropRefId" value="cryptoProperties"/>
>                <entry key="cryptoProperties" value-ref="cryptoProperties"/>
>            </map>
>        </constructor-arg>
>    </bean>
> 
>       <!-- A callback that returns the keystore password of an alias. -->
>       <bean id="pwCallback" class="ClientKeystorePasswordCallback">
>          <property name="passwords">
>            <util:map key-type="java.lang.String" 
> value-type="java.lang.String">
>              <entry key="${deliver.keystore.private.sign.key.alias}" 
> value="${deliver.keystore.private.sign.key.pwd}"/>
>            </util:map>
>          </property>
>       </bean>
> 
>       <!-- Ref: 
>               1) http://ws.apache.org/wss4j/config.html
>               2) https://sites.google.com/site/ddmwsst/ws-security-impl  -->
>       <util:properties id="cryptoProperties">
>       <!-- The private keystore info to sign the message -->
>       <prop 
> key="org.apache.ws.security.crypto.merlin.keystore.file">${deliver.keystore.private}</prop>
>       <prop 
> key="org.apache.ws.security.crypto.merlin.keystore.password">${deliver.keystore.private.pwd}</prop>
>       <!-- The trusted keystore info for unsigning received messages -->
>       <prop 
> key="org.apache.ws.security.crypto.merlin.truststore.file">${deliver.keystore.trusted}</prop>
>       <prop 
> key="org.apache.ws.security.crypto.merlin.truststore.password">${deliver.keystore.trusted.pwd}</prop>
>       </util:properties>
> 
> ----------------------
> 
> 
>> -----Original Message-----
>> From: Freeman Fang [mailto:[email protected]]
>> Sent: Wednesday, 8 May 2013 5:00
>> To: [email protected]
>> Subject: Re: A SOAP 1.2 message is not valid when sent to a SOAP 1.1
>> only endpoint
>> 
>> Hi,
>> 
>> You need to append your client side configuration and code so that we can
>> take a look
>> 
>> On 2013-5-8, at 2:20, Ed Bras wrote:
>> 
>>> Hi All,
>>> I don't know what I changed anymore :(... But I have ended up with
>>> this exception which I don't seem to solve:
>>> ---
>>> Caused by: javax.xml.ws.soap.SOAPFaultException: A SOAP 1.2 message is not valid when sent to a SOAP 1.1 only endpoint.
>>> ---
>>> 
>>> I am using CXF 2.7.4 and have the classes generated from the wsdl. I
>>> am using the MTOM and WSS4JOutInterceptor for signing outgoing messages.
>>> 
>>> The wsdl contains things like:
>>> ----
>>> <wsdl:definitions ... xmlns:soap11="http ... > <soap11:binding
>>> <soap11:operation soap11:address
>>> ----
>>> 
>>> So that all sounds like soap 1.1, but somehow soap 1.2 is being used in
>>> the client for the created message. I have added this in my jaxws
>>> client config, but it had no effect.
>>> ----
>>> <jaxws:binding>
>>>       <soap:soapBinding version="1.1"/> </jaxws:binding>
>>> ----
>>> 
>>> Why does CXF try to use soap 1.2 at all?
>>> 
>>> Please some advice on how to solve this?
>>> - Ed
>>> 
> 
> 
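
Editor's added example, not part of either poster's message and not CXF code: the cipherSuitesFilter in the quoted cxf-tls.xml includes the EXPORT, DES and NULL families, and this sketch evaluates that filter against a constructed list of JSSE-style suite names. It assumes a suite is kept when it fully matches at least one include pattern and no exclude pattern; the TIGHTENED filter, the sample list and the function names are hypothetical.

```python
import re

# Filter exactly as posted in the quoted cxf-tls.xml.
POSTED = {
    "include": [".*_EXPORT_.*", ".*_EXPORT1024_.*", ".*_WITH_DES_.*",
                ".*_WITH_AES_.*", ".*_WITH_NULL_.*"],
    "exclude": [".*_DH_anon_.*"],
}
# Hypothetical tightened filter (not from the thread): AES only, with the
# anonymous, export, DES and NULL families excluded explicitly.
TIGHTENED = {
    "include": [".*_WITH_AES_.*"],
    "exclude": [".*_anon_.*", ".*_EXPORT.*", ".*_WITH_DES_.*",
                ".*_WITH_NULL_.*"],
}
# Constructed sample of JSSE-style names; substitute your own JVM's list.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
]
# Name fragments marking a suite as unauthenticated, export-grade,
# single-DES or unencrypted.
WEAK = re.compile(r"_anon_|_EXPORT|_WITH_DES_|_WITH_NULL_")


def enabled(flt, suites):
    """Suites the filter keeps: full match on any include, on no exclude."""
    def hits(patterns, name):
        return any(re.fullmatch(p, name) for p in patterns)
    return [s for s in suites
            if hits(flt["include"], s) and not hits(flt["exclude"], s)]


def weak_enabled(flt, suites):
    """Subset of the kept suites that carries a weak-family marker."""
    return [s for s in enabled(flt, suites) if WEAK.search(s)]


if __name__ == "__main__":
    for label, flt in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(label, "keeps:", enabled(flt, SAMPLE_SUITES))
        print(label, "weak: ", weak_enabled(flt, SAMPLE_SUITES))
```

Under the posted filter the ECDH_anon suite is kept as well, because `.*_DH_anon_.*` requires an underscore directly before `DH`.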
