No, that's not the problem. I've just looked at your Client.txt and it is
incorrect. I see two problems:
a) You are defining security actions via WSHandlerConstants.* and then
adding the properties to a WSS4JOutInterceptor. However, is it
unnecessary to do this, as security is configured via the SecurityPolicy.
Get rid of from " java.util.Map<String,Object> outProps..." down to
"client.getOutInterceptors().add(wssOut);"
b) Your WS-SecurityPolicy configuration looks like:
bindingProvider.getRequestContext().put("ws-security.username", "mykey");
bindingProvider.getRequestContext().put("ws-security.callback-handler",
new KeystorePasswordCallback());
// Encryption properties file with directions to use the keystore
bindingProvider.getRequestContext().put("ws-security.encryption.username",
"mykey");
bindingProvider.getRequestContext().put("ws-security.encryption.properties",
"pbsitokhie.properties");
However, you are using the same key alias for both signature + encryption
here! You should be specifying the signature alias via
"ws-security.signature.username" + the encryption alias via
"ws-security.encryption.username". If "mykey" is your key, then I guess the
error is that the service cannot decrypt the EncryptedKey...
Colm.
On Mon, Feb 3, 2014 at 2:16 PM, Carlos Oliva <[email protected]> wrote:
> Hi Colm,
> I just noticed that the Security element fails to appear in the list of
> headers of the SOAPMessage. I added a SOAPHandlerInterceptor to my
> client and listed the the headers (perhaps I need to add it in a
> different Phase). This is what I got:
> Message has 4 headers
> {http://www.w3.org/2005/08/addressing}Action
> {http://www.w3.org/2005/08/addressing}MessageID
> {http://www.w3.org/2005/08/addressing}To
> {http://www.w3.org/2005/08/addressing}ReplyTo
>
> The logging interceptor lists the outgoing message afterwards and the
> Security element appears as follows:
> ><wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
> curity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> urity-utility-1.0.xsd" soap:mustUnderstand="true">
>
> Is it that the interceptor fails to understand the Security element as
> part of the Header? I am asking because the webservice sends a fault
> message back with ta text like "An error occurred when verifying
> security for the message"
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Monday, February 03, 2014 7:32 AM
> To: [email protected]
> Subject: Re: Client Apache CXF to a Windows webservice
>
> Do you have access to the logs on the service side to see why the
> request was rejected? I don't really see anything wrong with the CXF
> request. Could you attach the security policy that is being used?
>
> Colm.
>
>
> On Sat, Feb 1, 2014 at 9:52 PM, Carlos Oliva <[email protected]>
> wrote:
>
> > How can I mimic the message in the attached file, message.xml, with a
> > stand-alone Apache CXF client? The file is a trace output from
> > support at the remote server. I need to replicate the message
> > described in the file without the added artifacts created be the
> tracer.
> >
> >
> >
> > I created a java client, attached file client.txt, by replicating the
>
> > Greeter example in the Apache CXF web site. I created the artifacts
> > with wsdl2java from the wsdl quoted in the attached file,
> > (SecodnExchange.txt), and coded the client. My client created the
> > message listed in the file, SecondExchange.txt, and get the response
> > "An error occurred when verifying security for the message". The
> > support team for the service has told me that they had added my public
> key to their configuration.
> >
> >
> >
> > I am stuck with this problem. It looks like the client is creating
> > code that is very similar to the one that succeeds. Thank you very
> > much in advance.
> > *PRIVILEGED AND CONFIDENTIAL: This document and the information
> > contained herein are confidential and protected from disclosure under
> Federal law.
> > This message is intended only for the use of the addressee(s) and may
> > contain information that is PRIVILEGED and CONFIDENTIAL. If you are
> > not the intended recipient, you are hereby notified that the use,
> > dissemination, or copying of this information is strictly prohibited.
> > If you received this communication in error, please erase all copies
> > of the message and its attachments and notify the sender immediately.*
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
