Hi Colm,
Thanks for investing time in this. My problem is I need to define security
at server end. I do have ws-policy.xml but that file does not have set of
properties that can define WSS4J configuration. Can you please help me
identify how I can define WSS4J related properties on server side.
Following your suggestions I have tried putting mentioned properties in
cxf-servlet.xml in below mentioned way (keeping ws-policy.xml same as
before):
<jaxws:endpoint address="/WSService">
<jaxws:implementor>
<bean id="WSService"
class="com.test.webservice.WSService" />
</jaxws:implementor>
<jaxws:inInterceptors>
<bean class="com.test.webservice.AuthHandler"/>
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<bean class="com.test.webservice.LogHandler"/>
</jaxws:outInterceptors>
<jaxws:properties>
<entry key="ws-security.callback-handler"
value="com.test.webservice.PWCBHandler" />
<entry key="ws-security.encryption.properties" value="service.properties" />
<entry key="ws-security.encryption.username" value="service" />
<entry key="ws-security.signature.properties" value="service.properties" />
<entry key="ws-security.signature.username" value="service" />
*<entry key="ws-security.is-bsp-compliant"
value="false" />*
</jaxws:properties>
</jaxws:endpoint>
But doing these changes still I am facing the same problem. Also if I am
not putting highlighted property in cxf-servlet.xml then I am facing below
mentioned issue
*Caused by: org.apache.ws.security.WSSecurityException: An invalid security
token was provided (Bad ValueType
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>")*
* at
org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)*
* at
org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)*
* at
org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)*
* at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)*
* at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)*
* at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)*
* at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)*
Just want to confirm why we need to put this property in cxf-servlet.xml.
Is this the best approach or there is something I am missing.
Thanks again for your time. Looking forward for your response.
Thanks, Puneet,
On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh <[email protected]>
wrote:
> Hi,
>
> You are mixing up the two different ways of configuring WS-Security in CXF.
> The "action" based approach involves defining WSS4JOutInterceptor +
> WSS4JInInterceptors + explicitly adding them to the interceptor chain.
> However, when you have a security policy, you don't need to do any of this
> as CXF will take care of configuring WSS4J for you. In this case, you just
> need to define some JAX-WS properties (keystores etc.). For example, see
> the following test configuration:
>
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes
>
> e.g.
>
> <jaxws:client name="{
> http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort
> "
> createdFromAPI="true">
> <jaxws:properties>
> <entry key="ws-security.callback-handler"
>
>
> value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
> <entry key="ws-security.encryption.properties"
> value="bob.properties"/>
> <entry key="ws-security.encryption.username" value="bob"/>
> <entry key="ws-security.signature.properties"
> value="alice.properties"/>
> <entry key="ws-security.signature.username" value="alice"/>
> </jaxws:properties>
> </jaxws:client>
>
> Colm.
>
>
> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta <[email protected]
> >
> wrote:
>
> > Hi All,
> >
> > I am migrating from Axis2 Web Services to Apache CXF. In axis2, I had
> > configured security using Rampart and I have configured it using
> following
> > policy settings:
> >
> > *<wsp:Policy wsu:Id="SigEncr"*
> > *
> > xmlns:wsu="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > <
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > >"*
> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy
> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">*
> > * <wsp:ExactlyOne>*
> > * <wsp:All>*
> > * <sp:AsymmetricBinding*
> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <wsp:Policy>*
> > * <sp:InitiatorToken>*
> > * <wsp:Policy>*
> > * <sp:X509Token*
> > *
> > sp:IncludeToken="
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> > <
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> > >">*
> > * <wsp:Policy>*
> > * <sp:RequireKeyIdentifierReference />*
> > * <sp:WssX509V3Token10 />*
> > * </wsp:Policy>*
> > * </sp:X509Token>*
> > * </wsp:Policy>*
> > * </sp:InitiatorToken>*
> > * <sp:RecipientToken>*
> > * <wsp:Policy>*
> > * <sp:X509Token*
> > *
> > sp:IncludeToken="
> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never
> > >">*
> > * <wsp:Policy>*
> > * <sp:RequireKeyIdentifierReference />*
> > * <sp:WssX509V3Token10 />*
> > * </wsp:Policy>*
> > * </sp:X509Token>*
> > * </wsp:Policy>*
> > * </sp:RecipientToken>*
> > * <sp:AlgorithmSuite>*
> > * <wsp:Policy>*
> > * <sp:TripleDesRsa15 />*
> > * </wsp:Policy>*
> > * </sp:AlgorithmSuite>*
> > * <sp:Layout>*
> > * <wsp:Policy>*
> > * <sp:Strict />*
> > * </wsp:Policy>*
> > * </sp:Layout>*
> > * <sp:IncludeTimestamp />*
> > * <sp:OnlySignEntireHeadersAndBody />*
> > * </wsp:Policy>*
> > * </sp:AsymmetricBinding>*
> > * <sp:Wss10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <wsp:Policy>*
> > * <sp:MustSupportRefKeyIdentifier />*
> > * <sp:MustSupportRefIssuerSerial />*
> > * </wsp:Policy>*
> > * </sp:Wss10>*
> > * <sp:SignedParts*
> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <sp:Body />*
> > * </sp:SignedParts>*
> > * <sp:EncryptedParts*
> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <sp:Body />*
> > * </sp:EncryptedParts>*
> >
> > * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy
> > <http://ws.apache.org/rampart/policy>">*
> > * <ramp:user>service</ramp:user>*
> > * <ramp:encryptionUser>client</ramp:encryptionUser>*
> > *
> >
> >
> <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>*
> >
> > * <ramp:signatureCrypto>*
> > * <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">*
> > * <ramp:property*
> > *
> >
> >
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>*
> > * <ramp:property
> >
> >
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>*
> > * <ramp:property*
> > *
> >
> >
> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>*
> > * </ramp:crypto>*
> > * </ramp:signatureCrypto>*
> > * <ramp:encryptionCypto>*
> > * <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">*
> > * <ramp:property*
> > *
> >
> >
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>*
> > * <ramp:property
> >
> >
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>*
> > * <ramp:property*
> > *
> >
> >
> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>*
> > * </ramp:crypto>*
> > * </ramp:encryptionCypto>*
> > * </ramp:RampartConfig>*
> > * </wsp:All>*
> > * </wsp:ExactlyOne>*
> > * </wsp:Policy>*
> >
> > In Apache CXF, I am trying to configure the security following below
> steps:
> >
> > 1. I have created as ws-policy.xml file and is placed under
> WEB-INF/classes
> > folder. I am providing this policy file to service class using @Policies
> > annotation. Ex:
> >
> >
> > *@Policy(uri = "ws-policy.xml")*
> > *@WebService(targetNamespace = "http://webservice.test.com
> > <http://webservice.test.com>", name = "WSServicePortType")*
> > *public class WSService {*
> > *//Service method goes here.*
> > *}*
> >
> > Contents of ws-policy.xml is as follows:
> >
> > *<wsp:Policy*
> > *
> > xmlns:wsu="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > <
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > >"*
> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy
> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">*
> >
> > * <sp:AsymmetricBinding*
> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <wsp:Policy>*
> > * <sp:InitiatorToken>*
> > * <wsp:Policy>*
> > * <sp:X509Token*
> > *
> > sp:IncludeToken="
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> > <
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> > >">*
> > * <wsp:Policy>*
> > * <sp:RequireIssuerSerialReference />*
> > * </wsp:Policy>*
> > * </sp:X509Token>*
> > * </wsp:Policy>*
> > * </sp:InitiatorToken>*
> > * <sp:RecipientToken>*
> > * <wsp:Policy>*
> > * <sp:X509Token*
> > *
> > sp:IncludeToken="
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> > <
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> > >">*
> > * <wsp:Policy>*
> > * <sp:RequireIssuerSerialReference />*
> > * </wsp:Policy>*
> > * </sp:X509Token>*
> > * </wsp:Policy>*
> > * </sp:RecipientToken>*
> > * <sp:AlgorithmSuite>*
> > * <wsp:Policy>*
> > * <sp:TripleDesRsa15 />*
> > * </wsp:Policy>*
> > * </sp:AlgorithmSuite>*
> > * <sp:Layout>*
> > * <wsp:Policy>*
> > * <sp:Strict />*
> > * </wsp:Policy>*
> > * </sp:Layout>*
> > * </wsp:Policy>*
> > * </sp:AsymmetricBinding>*
> >
> > * <sp:Wss10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <wsp:Policy>*
> > * <sp:MustSupportRefKeyIdentifier />*
> > * <sp:MustSupportRefIssuerSerial />*
> > * </wsp:Policy>*
> > * </sp:Wss10>*
> > * <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <sp:Body />*
> > * </sp:SignedParts>*
> > * <sp:EncryptedParts*
> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
> > * <sp:Body />*
> > * </sp:EncryptedParts>*
> > *</wsp:Policy>*
> >
> > 2. To configure WSS4J, I am using following snippet in cxf-servlet.xml:
> >
> > * <jaxws:endpoint address="/WSService">*
> > * <jaxws:implementor>*
> > * <bean id="WSService"*
> > * class="com.test.webservice.WSService" />*
> > * </jaxws:implementor>*
> > * <jaxws:inInterceptors>*
> > * <ref bean="wss4jInConfiguration" />*
> > * <bean class="com.test.webservice.AuthHandler">*
> > * </bean>*
> > * </jaxws:inInterceptors>*
> > * <jaxws:outInterceptors>*
> > * <ref bean="wss4jOutConfiguration" />*
> > * <bean class="com.test.webservice.LogHandler">*
> > * </bean>*
> > * </jaxws:outInterceptors>*
> > * <jaxws:properties>*
> > * <entry key="ws-security.is-bsp-compliant" value="false" />*
> > * </jaxws:properties>*
> > * </jaxws:endpoint>*
> >
> > * <bean id="wss4jInConfiguration"
> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">*
> > * <constructor-arg>*
> > * <map>*
> > * <entry key="action" value="Signature Encrypt Timestamp" />*
> > * <entry key="signaturePropFile" value="service.properties" />*
> > * <entry key="decryptionPropFile" value="service.properties" />*
> > * <entry key="encryptionPropFile" value="service.properties" />*
> > * <entry key="passwordCallbackClass"
> > value="com.test.webservice.PWCBHandler" />*
> > * </map>*
> > * </constructor-arg>*
> > * </bean>*
> >
> > * <bean id="wss4jOutConfiguration"
> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">*
> > * <constructor-arg>*
> > * <map>*
> > * <entry key="action" value="Timestamp Signature Encrypt" />*
> > * <entry key="passwordCallbackClass"
> > value="com.test.webservice.PWCBHandler" />*
> > * <entry key="signaturePropFile" value="service.properties" />*
> > * <entry key="encryptionPropFile" value="service.properties" />*
> > * <entry key="decryptionPropFile" value="service.properties" />*
> > * </map>*
> > * </constructor-arg>*
> > * </bean>*
> >
> > service.properties is also present in WEB-INF/classes folder. Its content
> > are as below:
> >
> >
> >
> *org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin*
> > *org.apache.ws.security.crypto.merlin.keystore.type=jks*
> > *org.apache.ws.security.crypto.merlin.keystore.password=password*
> > *org.apache.ws.security.crypto.merlin.file=service.jks*
> >
> > Using above configuration I am getting below mentioned exception when I
> am
> > trying to access web service through client which is configured using
> same
> > security setting which I used while I was in axis2:
> >
> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor ] -
> > org.apache.ws.security.WSSecurityException: The signature or decryption
> was
> > invalid
> > at
> >
> >
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
> > at
> >
> >
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
> > at
> >
> >
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> > at
> >
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
> > at
> >
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
> > at
> >
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> > at
> >
> >
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> > at
> >
> >
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
> > at
> >
> >
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
> > at
> >
> >
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
> > at
> >
> >
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
> > at
> >
> >
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
> > at
> >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
> > at
> >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> > at
> >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
> > at
> >
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> > at
> >
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > at
> >
> >
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> > at
> >
> >
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> > at
> >
> >
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> > at
> >
> >
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> > at
> >
> >
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> > at
> > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
> > at
> >
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> > at
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> > at
> >
> >
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
> > at
> >
> >
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> > at
> >
> >
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> > at java.lang.Thread.run(Unknown Source)
> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain ] -
> > Interceptor for {http://webservice.test.com
> > }WSAmandaSecurityServiceService#{
> > http://webservice.test.com}authenticateUser has thrown exception,
> > unwinding
> > now
> > org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
> > invalid
> > at
> >
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850)
> > at
> >
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
> > at
> >
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
> > at
> >
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> > at
> >
> >
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> > at
> >
> >
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
> > at
> >
> >
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
> > at
> >
> >
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
> > at
> >
> >
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
> > at
> >
> >
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
> > at
> >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
> > at
> >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> > at
> >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
> > at
> >
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> > at
> >
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > at
> >
> >
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> > at
> >
> >
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> > at
> >
> >
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> > at
> >
> >
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> > at
> >
> >
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> > at
> > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
> > at
> >
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> > at
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> > at
> >
> >
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
> > at
> >
> >
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> > at
> >
> >
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> > at java.lang.Thread.run(Unknown Source)
> > Caused by: org.apache.ws.security.WSSecurityException: The signature or
> > decryption was invalid
> > at
> >
> >
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
> > at
> >
> >
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
> > at
> >
> >
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> > at
> >
> >
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
> > ... 28 test
> >
> >
> > Can anyone help me identify if I am missing anything while configuring
> > WSS4J in apache cxf, so that I can use same client to access cxf web
> > service?
> >
> > Thanks for your time and help.
> >
> > Regards, Puneet.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
