Hi Colm,

That is the alias to my private key in my keystore. Should I use something else? I think that my client should sign my private key. Should it encrypt with something else?
I extracted the public key of the webservice (found at the bottom of the wsdl) and added it to my keystore. Should I use the alias from the public key of the webservice for encrypting?

From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Monday, February 03, 2014 10:24 AM
To: Carlos Oliva
Cc: [email protected]
Subject: Re: Client Apache CXF to a Windows webservice

You're still using the same key alias for signature and encryption...

Colm.

On Mon, Feb 3, 2014 at 3:22 PM, Carlos Oliva <[email protected]> wrote:

Thank you for your help Colm. I followed your directions and created a client with your instructions (JavaClient.txt). The output from the SOAPHandlerInterceptor and Logging interceptors are in the attached file, StandardOut.txt. I hope that I followed your directions correctly. If you think that the client should work and that the out message is proper, I am really thinking that the webservice fails to understand my public key. If so, I am thinking that the implementors of the webservice need to correct their implementation.

-----Original Message-----
From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Monday, February 03, 2014 9:55 AM
To: Carlos Oliva
Cc: [email protected]
Subject: Re: Client Apache CXF to a Windows webservice

No, that's not the problem. I've just looked at your Client.txt and it is incorrect. I see two problems:

a) You are defining security actions via WSHandlerConstants.* and then adding the properties to a WSS4JOutInterceptor. However, it is unnecessary to do this, as security is configured via the SecurityPolicy. Get rid of from " java.util.Map<String,Object> outProps..."
down to "client.getOutInterceptors().add(wssOut);"

b) Your WS-SecurityPolicy configuration looks like:

bindingProvider.getRequestContext().put("ws-security.username", "mykey");
bindingProvider.getRequestContext().put("ws-security.callback-handler", new KeystorePasswordCallback());
// Encryption properties file with directions to use the keystore
bindingProvider.getRequestContext().put("ws-security.encryption.username", "mykey");
bindingProvider.getRequestContext().put("ws-security.encryption.properties", "pbsitokhie.properties");

However, you are using the same key alias for both signature + encryption here! You should be specifying the signature alias via "ws-security.signature.username" + the encryption alias via "ws-security.encryption.username". If "mykey" is your key, then I guess the error is that the service cannot decrypt the EncryptedKey...

Colm.

On Mon, Feb 3, 2014 at 2:16 PM, Carlos Oliva <[email protected]> wrote:

> Hi Colm,
>
> I just noticed that the Security element fails to appear in the list
> of headers of the SOAPMessage. I added a SOAPHandlerInterceptor to my
> client and listed the headers (perhaps I need to add it in a
> different Phase).
> This is what I got:
>
> Message has 4 headers
> {http://www.w3.org/2005/08/addressing}Action
> {http://www.w3.org/2005/08/addressing}MessageID
> {http://www.w3.org/2005/08/addressing}To
> {http://www.w3.org/2005/08/addressing}ReplyTo
>
> The logging interceptor lists the outgoing message afterwards and the
> Security element appears as follows:
>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> soap:mustUnderstand="true">
>
> Is it that the interceptor fails to understand the Security element as
> part of the Header? I am asking because the webservice sends a fault
> message back with a text like "An error occurred when verifying
> security for the message"
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Monday, February 03, 2014 7:32 AM
> To: [email protected]
> Subject: Re: Client Apache CXF to a Windows webservice
>
> Do you have access to the logs on the service side to see why the
> request was rejected? I don't really see anything wrong with the CXF
> request. Could you attach the security policy that is being used?
>
> Colm.
>
> On Sat, Feb 1, 2014 at 9:52 PM, Carlos Oliva <[email protected]> wrote:
>
> > How can I mimic the message in the attached file, message.xml, with
> > a stand-alone Apache CXF client? The file is a trace output from
> > support at the remote server. I need to replicate the message
> > described in the file without the added artifacts created by the tracer.
> >
> > I created a java client, attached file client.txt, by replicating the
> > Greeter example in the Apache CXF web site.
> > I created the artifacts
> > with wsdl2java from the wsdl quoted in the attached file,
> > (SecondExchange.txt), and coded the client. My client created the
> > message listed in the file, SecondExchange.txt, and get the response
> > "An error occurred when verifying security for the message". The
> > support team for the service has told me that they had added my
> > public key to their configuration.
> >
> > I am stuck with this problem. It looks like the client is creating
> > code that is very similar to the one that succeeds. Thank you very
> > much in advance.
> >
> > *PRIVILEGED AND CONFIDENTIAL: This document and the information
> > contained herein are confidential and protected from disclosure
> > under Federal law.
> > This message is intended only for the use of the addressee(s) and
> > may contain information that is PRIVILEGED and CONFIDENTIAL. If you
> > are not the intended recipient, you are hereby notified that the
> > use, dissemination, or copying of this information is strictly prohibited.
> > If you received this communication in error, please erase all copies
> > of the message and its attachments and notify the sender
> > immediately.*
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
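Added example, not part of the thread and not CXF project code: a JDK-only (Java 9 or later) check for the alias question discussed above, which verifies that the signature alias holds a private key and the encryption alias holds an imported certificate before building the ws-security.* properties. The class name, the keystore path and password arguments, and the alias "servicekey" are assumptions; "ws-security.signature.properties" is the CXF counterpart of the encryption properties key quoted in the thread.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper class; not part of CXF or of the client discussed in the thread.
public class WsSecurityAliasCheck {

    /** Checks both aliases against the keystore, then returns the ws-security.* properties. */
    static Map<String, Object> securityProperties(KeyStore ks, String signatureAlias,
            String encryptionAlias, String cryptoProperties) throws Exception {
        if (signatureAlias.equals(encryptionAlias)) {
            throw new IllegalArgumentException(
                "same alias '" + signatureAlias + "' used for signature and encryption");
        }
        // Signing uses the client's own private key, so this must be a key entry.
        if (!ks.isKeyEntry(signatureAlias)) {
            throw new IllegalArgumentException("no private key under alias " + signatureAlias);
        }
        // Encrypting to the service uses only its certificate (public key),
        // which keytool -importcert stores as a trusted certificate entry.
        if (!ks.isCertificateEntry(encryptionAlias)) {
            throw new IllegalArgumentException(
                "alias " + encryptionAlias + " is not an imported certificate");
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(encryptionAlias);
        System.out.println("Encrypting to: " + cert.getSubjectX500Principal().getName());

        Map<String, Object> props = new LinkedHashMap<>();
        props.put("ws-security.signature.username", signatureAlias);
        props.put("ws-security.signature.properties", cryptoProperties);
        props.put("ws-security.encryption.username", encryptionAlias);
        props.put("ws-security.encryption.properties", cryptoProperties);
        return props;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = keystore file, args[1] = keystore password (both supplied by the caller).
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        // "mykey" and "pbsitokhie.properties" are the names used in the thread;
        // "servicekey" is an assumed alias for the imported service certificate.
        Map<String, Object> props =
            securityProperties(ks, "mykey", "servicekey", "pbsitokhie.properties");
        // A CXF client would copy these into bindingProvider.getRequestContext().
        props.forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

The printed subject name lets you confirm that the encryption alias really is the service's certificate; the "ws-security.callback-handler" entry from the thread is still needed to supply the private key password.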
