You are using the older "Action" style configuration with
WS-SecurityPolicy, which doesn't work. With WS-SecurityPolicy you don't
tell it what security actions to perform, as the policy already contains
all of this information. You just need to let it know the correct
credentials for signing/encryption etc.

See here for some information about configuration:

http://cxf.apache.org/docs/ws-securitypolicy.html

Colm.


On Thu, May 23, 2013 at 10:34 AM, Ted Roeloffzen
<[email protected]> wrote:

> Hello all,
>
> I'm having a little difficulty setting up my client-webservice with the
> correct settings.
> This is the main part of the WSDL that I have to comply with.
>
> <wsp:Policy wsu:Id="">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <wsp:Policy>
>                         <sp:InitiatorToken>
>                             <wsp:Policy>
>                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                                     <wsp:Policy>
>                                         <sp:RequireThumbprintReference/>
>                                         <sp:WssX509V3Token10/>
>                                     </wsp:Policy>
>                                 </sp:X509Token>
>                             </wsp:Policy>
>                         </sp:InitiatorToken>
>                         <sp:RecipientToken>
>                             <wsp:Policy>
>                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
>                                     <wsp:Policy>
>                                         <sp:RequireThumbprintReference/>
>                                         <sp:WssX509V3Token10/>
>                                     </wsp:Policy>
>                                 </sp:X509Token>
>                             </wsp:Policy>
>                         </sp:RecipientToken>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic256Sha256Rsa15/>
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Lax/>
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp/>
>                         <sp:OnlySignEntireHeadersAndBody/>
>                     </wsp:Policy>
>                 </sp:AsymmetricBinding>
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>     <wsp:Policy wsu:Id="">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <sp:Body/>
>                 </sp:SignedParts>
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>
> I have deleted the IDs, for the sake of our client.
>
> The problem is that I'm unable to set up the correct token inclusion and so
> on.
> I can't seem to figure out which parameters have to be set with CXF.
> Since we don't use Spring, I have to configure everything through the API.
>
>
> This is what I have so far.
> Map<String, Object> outProps = new HashMap<String, Object>();
>         outProps.put(WSHandlerConstants.ACTION,
>             WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE);
>         outProps.put(WSHandlerConstants.SIG_ALGO,
>             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
>         outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO,
>             "http://www.w3.org/2001/04/xmlenc#sha256");
>
>         WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>         client.getOutInterceptors().add(wssOut);
>
> And I'm adding a custom Interceptor that does this in the handleMessage at
> the Pre_logical phase
>
> X509Certificate[] certificates = {holder.getCertificate()};
>         CertificateStore store = new CertificateStore(certificates);
>
>         message.put(SecurityConstants.SIGNATURE_CRYPTO, store);
>
> Can one of you point me in the right direction?
>
> kind regards,
>
> Ted
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
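
The policy-driven setup described in the reply, done through the CXF API without Spring, as an added example that is not code from either poster: no `WSS4JOutInterceptor` and no `ACTION`, only the credentials the policy needs. It uses the WSS4J 1.6 package names that match the `WSHandlerConstants` class in the thread (on CXF 3.x the same classes live under `org.apache.wss4j`). The keystore file names, alias and passwords are assumptions.

```java
import java.util.Map;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;

public final class PolicyClientConfig {

    /** Hands WSS4J the private-key password for the signing alias only. */
    static final class KeyPasswordCallback implements CallbackHandler {
        private final String alias;
        private final String keyPassword;
        KeyPasswordCallback(String alias, String keyPassword) {
            this.alias = alias;
            this.keyPassword = keyPassword;
        }
        @Override
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (cb instanceof WSPasswordCallback
                        && alias.equals(((WSPasswordCallback) cb).getIdentifier())) {
                    ((WSPasswordCallback) cb).setPassword(keyPassword);
                }
            }
        }
    }

    /** Merlin crypto settings for a JKS keystore (file name is an assumption). */
    static Properties merlin(String keystoreFile, String storePassword) {
        Properties p = new Properties();
        p.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", keystoreFile);
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", storePassword);
        return p;
    }

    /** Credentials only: token inclusion, algorithm suite and timestamp come from the policy. */
    static void configure(Client client, String alias, String keyPassword, String storePassword) {
        Map<String, Object> ctx = client.getRequestContext();
        // InitiatorToken side: the client's own key pair, used to sign the request.
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, merlin("client-keystore.jks", storePassword));
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, alias);
        ctx.put(SecurityConstants.CALLBACK_HANDLER, new KeyPasswordCallback(alias, keyPassword));
        // RecipientToken side: keystore holding the service's certificate.
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, merlin("service-truststore.jks", storePassword));
    }
}
```

The client must be created from the WSDL that carries the policy, with the CXF WS-Policy and WS-Security modules on the classpath, so that the policy interceptors are attached automatically.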
