Hi, Your approach of adding the security properties as "jaxws:properties" for the Endpoint is correct. If you are still seeing the error at "org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature" then I recommend turning logging up to "DEBUG" setting + having a look. This will tell you exactly where/why signature validation is failing. The likelihood is that the signing certificate is not trusted by the service endpoint. If you are still really stuck, then if you create a test-case to reproduce the problem I will take a look.
With regards to the "BSP" error, could you paste the content of the EncryptedKey structure in the security header into a mail? Is the client a CXF client or a third party product? This type of error occurs when no "ValueType" attribute is present (or the wrong one is used), which is required by the Basic Security Profile specification. Colm. On Mon, Jul 21, 2014 at 1:33 PM, Puneet Gupta <[email protected]> wrote: > Hi Colm, > > Thanks for investing time in this. My problem is I need to define security > at server end. I do have ws-policy.xml but that file does not have set of > properties that can define WSS4J configuration. Can you please help me > identify how I can define WSS4J related properties on server side. > Following your suggestions I have tried putting mentioned properties in > cxf-servlet.xml in below mentioned way (keeping ws-policy.xml same as > before): > > <jaxws:endpoint address="/WSService"> > <jaxws:implementor> > <bean id="WSService" > class="com.test.webservice.WSService" /> > </jaxws:implementor> > <jaxws:inInterceptors> > <bean class="com.test.webservice.AuthHandler"/> > </jaxws:inInterceptors> > <jaxws:outInterceptors> > <bean class="com.test.webservice.LogHandler"/> > </jaxws:outInterceptors> > <jaxws:properties> > <entry key="ws-security.callback-handler" > value="com.test.webservice.PWCBHandler" /> > <entry key="ws-security.encryption.properties" value="service.properties" > /> > <entry key="ws-security.encryption.username" value="service" /> > <entry key="ws-security.signature.properties" value="service.properties" /> > <entry key="ws-security.signature.username" value="service" /> > *<entry key="ws-security.is-bsp-compliant" > value="false" />* > </jaxws:properties> > </jaxws:endpoint> > > But doing these changes still I am facing the same problem. Also if I am > not putting highlighted property in cxf-servlet.xml then I am facing below > mentioned issue > > *Caused by: org.apache.ws.security.WSSecurityException: An invalid > security token was provided (Bad ValueType > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 > <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3>")* > * at > org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)* > * at > org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)* > * at > org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)* > * at > org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)* > * at > org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)* > * at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)* > * at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)* > > Just want to confirm why we need to put this property in cxf-servlet.xml. > Is this the best approach or there is something I am missing. > > Thanks again for your time. Looking forward for your response. > > Thanks, Puneet, > > > On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh <[email protected]> > wrote: > >> Hi, >> >> You are mixing up the two different ways of configuring WS-Security in >> CXF. >> The "action" based approach involves defining WSS4JOutInterceptor + >> WSS4JInInterceptors + explicitly adding them to the interceptor chain. >> However, when you have a security policy, you don't need to do any of this >> as CXF will take care of configuring WSS4J for you. In this case, you just >> need to define some JAX-WS properties (keystores etc.). For example, see >> the following test configuration: >> >> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes >> >> e.g. >> >> <jaxws:client name="{ >> http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort >> " >> createdFromAPI="true"> >> <jaxws:properties> >> <entry key="ws-security.callback-handler" >> >> >> value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/> >> <entry key="ws-security.encryption.properties" >> value="bob.properties"/> >> <entry key="ws-security.encryption.username" value="bob"/> >> <entry key="ws-security.signature.properties" >> value="alice.properties"/> >> <entry key="ws-security.signature.username" value="alice"/> >> </jaxws:properties> >> </jaxws:client> >> >> Colm. >> >> >> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta < >> [email protected]> >> wrote: >> >> > Hi All, >> > >> > I am migrating from Axis2 Web Services to Apache CXF. In axis2, I had >> > configured security using Rampart and I have configured it using >> following >> > policy settings: >> > >> > *<wsp:Policy wsu:Id="SigEncr"* >> > * >> > xmlns:wsu=" >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> > < >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> > >"* >> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy >> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">* >> > * <wsp:ExactlyOne>* >> > * <wsp:All>* >> > * <sp:AsymmetricBinding* >> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <wsp:Policy>* >> > * <sp:InitiatorToken>* >> > * <wsp:Policy>* >> > * <sp:X509Token* >> > * >> > sp:IncludeToken=" >> > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> > < >> > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> > >">* >> > * <wsp:Policy>* >> > * <sp:RequireKeyIdentifierReference />* >> > * <sp:WssX509V3Token10 />* >> > * </wsp:Policy>* >> > * </sp:X509Token>* >> > * </wsp:Policy>* >> > * </sp:InitiatorToken>* >> > * <sp:RecipientToken>* >> > * <wsp:Policy>* >> > * <sp:X509Token* >> > * >> > sp:IncludeToken=" >> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never >> > < >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never >> > >">* >> > * <wsp:Policy>* >> > * <sp:RequireKeyIdentifierReference />* >> > * <sp:WssX509V3Token10 />* >> > * </wsp:Policy>* >> > * </sp:X509Token>* >> > * </wsp:Policy>* >> > * </sp:RecipientToken>* >> > * <sp:AlgorithmSuite>* >> > * <wsp:Policy>* >> > * <sp:TripleDesRsa15 />* >> > * </wsp:Policy>* >> > * </sp:AlgorithmSuite>* >> > * <sp:Layout>* >> > * <wsp:Policy>* >> > * <sp:Strict />* >> > * </wsp:Policy>* >> > * </sp:Layout>* >> > * <sp:IncludeTimestamp />* >> > * <sp:OnlySignEntireHeadersAndBody />* >> > * </wsp:Policy>* >> > * </sp:AsymmetricBinding>* >> > * <sp:Wss10 xmlns:sp=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <wsp:Policy>* >> > * <sp:MustSupportRefKeyIdentifier />* >> > * <sp:MustSupportRefIssuerSerial />* >> > * </wsp:Policy>* >> > * </sp:Wss10>* >> > * <sp:SignedParts* >> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <sp:Body />* >> > * </sp:SignedParts>* >> > * <sp:EncryptedParts* >> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <sp:Body />* >> > * </sp:EncryptedParts>* >> > >> > * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy >> > <http://ws.apache.org/rampart/policy>">* >> > * <ramp:user>service</ramp:user>* >> > * <ramp:encryptionUser>client</ramp:encryptionUser>* >> > * >> > >> > >> <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>* >> > >> > * <ramp:signatureCrypto>* >> > * <ramp:crypto >> provider="org.apache.ws.security.components.crypto.Merlin">* >> > * <ramp:property* >> > * >> > >> > >> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>* >> > * <ramp:property >> > >> > >> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>* >> > * <ramp:property* >> > * >> > >> > >> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>* >> > * </ramp:crypto>* >> > * </ramp:signatureCrypto>* >> > * <ramp:encryptionCypto>* >> > * <ramp:crypto >> provider="org.apache.ws.security.components.crypto.Merlin">* >> > * <ramp:property* >> > * >> > >> > >> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>* >> > * <ramp:property >> > >> > >> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>* >> > * <ramp:property* >> > * >> > >> > >> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>* >> > * </ramp:crypto>* >> > * </ramp:encryptionCypto>* >> > * </ramp:RampartConfig>* >> > * </wsp:All>* >> > * </wsp:ExactlyOne>* >> > * </wsp:Policy>* >> > >> > In Apache CXF, I am trying to configure the security following below >> steps: >> > >> > 1. I have created as ws-policy.xml file and is placed under >> WEB-INF/classes >> > folder. I am providing this policy file to service class using @Policies >> > annotation. Ex: >> > >> > >> > *@Policy(uri = "ws-policy.xml")* >> > *@WebService(targetNamespace = "http://webservice.test.com >> > <http://webservice.test.com>", name = "WSServicePortType")* >> > *public class WSService {* >> > *//Service method goes here.* >> > *}* >> > >> > Contents of ws-policy.xml is as follows: >> > >> > *<wsp:Policy* >> > * >> > xmlns:wsu=" >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> > < >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> > >"* >> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy >> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">* >> > >> > * <sp:AsymmetricBinding* >> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <wsp:Policy>* >> > * <sp:InitiatorToken>* >> > * <wsp:Policy>* >> > * <sp:X509Token* >> > * >> > sp:IncludeToken=" >> > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> > < >> > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> > >">* >> > * <wsp:Policy>* >> > * <sp:RequireIssuerSerialReference />* >> > * </wsp:Policy>* >> > * </sp:X509Token>* >> > * </wsp:Policy>* >> > * </sp:InitiatorToken>* >> > * <sp:RecipientToken>* >> > * <wsp:Policy>* >> > * <sp:X509Token* >> > * >> > sp:IncludeToken=" >> > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> > < >> > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> > >">* >> > * <wsp:Policy>* >> > * <sp:RequireIssuerSerialReference />* >> > * </wsp:Policy>* >> > * </sp:X509Token>* >> > * </wsp:Policy>* >> > * </sp:RecipientToken>* >> > * <sp:AlgorithmSuite>* >> > * <wsp:Policy>* >> > * <sp:TripleDesRsa15 />* >> > * </wsp:Policy>* >> > * </sp:AlgorithmSuite>* >> > * <sp:Layout>* >> > * <wsp:Policy>* >> > * <sp:Strict />* >> > * </wsp:Policy>* >> > * </sp:Layout>* >> > * </wsp:Policy>* >> > * </sp:AsymmetricBinding>* >> > >> > * <sp:Wss10 xmlns:sp=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <wsp:Policy>* >> > * <sp:MustSupportRefKeyIdentifier />* >> > * <sp:MustSupportRefIssuerSerial />* >> > * </wsp:Policy>* >> > * </sp:Wss10>* >> > * <sp:SignedParts >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <sp:Body />* >> > * </sp:SignedParts>* >> > * <sp:EncryptedParts* >> > * xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >> > * <sp:Body />* >> > * </sp:EncryptedParts>* >> > *</wsp:Policy>* >> > >> > 2. To configure WSS4J, I am using following snippet in cxf-servlet.xml: >> > >> > * <jaxws:endpoint address="/WSService">* >> > * <jaxws:implementor>* >> > * <bean id="WSService"* >> > * class="com.test.webservice.WSService" />* >> > * </jaxws:implementor>* >> > * <jaxws:inInterceptors>* >> > * <ref bean="wss4jInConfiguration" />* >> > * <bean class="com.test.webservice.AuthHandler">* >> > * </bean>* >> > * </jaxws:inInterceptors>* >> > * <jaxws:outInterceptors>* >> > * <ref bean="wss4jOutConfiguration" />* >> > * <bean class="com.test.webservice.LogHandler">* >> > * </bean>* >> > * </jaxws:outInterceptors>* >> > * <jaxws:properties>* >> > * <entry key="ws-security.is-bsp-compliant" value="false" />* >> > * </jaxws:properties>* >> > * </jaxws:endpoint>* >> > >> > * <bean id="wss4jInConfiguration" >> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">* >> > * <constructor-arg>* >> > * <map>* >> > * <entry key="action" value="Signature Encrypt Timestamp" />* >> > * <entry key="signaturePropFile" value="service.properties" />* >> > * <entry key="decryptionPropFile" value="service.properties" />* >> > * <entry key="encryptionPropFile" value="service.properties" />* >> > * <entry key="passwordCallbackClass" >> > value="com.test.webservice.PWCBHandler" />* >> > * </map>* >> > * </constructor-arg>* >> > * </bean>* >> > >> > * <bean id="wss4jOutConfiguration" >> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">* >> > * <constructor-arg>* >> > * <map>* >> > * <entry key="action" value="Timestamp Signature Encrypt" />* >> > * <entry key="passwordCallbackClass" >> > value="com.test.webservice.PWCBHandler" />* >> > * <entry key="signaturePropFile" value="service.properties" />* >> > * <entry key="encryptionPropFile" value="service.properties" />* >> > * <entry key="decryptionPropFile" value="service.properties" />* >> > * </map>* >> > * </constructor-arg>* >> > * </bean>* >> > >> > service.properties is also present in WEB-INF/classes folder. Its >> content >> > are as below: >> > >> > >> > >> *org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin* >> > *org.apache.ws.security.crypto.merlin.keystore.type=jks* >> > *org.apache.ws.security.crypto.merlin.keystore.password=password* >> > *org.apache.ws.security.crypto.merlin.file=service.jks* >> > >> > Using above configuration I am getting below mentioned exception when I >> am >> > trying to access web service through client which is configured using >> same >> > security setting which I used while I was in axis2: >> > >> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor ] >> - >> > org.apache.ws.security.WSSecurityException: The signature or decryption >> was >> > invalid >> > at >> > >> > >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450) >> > at >> > >> > >> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) >> > at >> > >> > >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95) >> > at >> > >> > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) >> > at >> > >> > >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >> > at >> > >> > >> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241) >> > at >> > >> > >> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) >> > at >> > >> > >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) >> > at >> > >> > >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) >> > at >> > >> > >> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) >> > at >> > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) >> > at >> > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206) >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) >> > at >> > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262) >> > at >> > >> > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) >> > at >> > >> > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >> > at >> > >> > >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) >> > at >> > >> > >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) >> > at >> > >> > >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) >> > at >> > >> > >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) >> > at >> > >> > >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) >> > at >> > >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) >> > at >> > >> > >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) >> > at >> > >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) >> > at >> > >> > >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) >> > at >> > >> > >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) >> > at >> > >> > >> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) >> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) >> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) >> > at java.lang.Thread.run(Unknown Source) >> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain ] >> - >> > Interceptor for {http://webservice.test.com >> > }WSAmandaSecurityServiceService#{ >> > http://webservice.test.com}authenticateUser has thrown exception, >> > unwinding >> > now >> > org.apache.cxf.binding.soap.SoapFault: The signature or decryption was >> > invalid >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95) >> > at >> > >> > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) >> > at >> > >> > >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >> > at >> > >> > >> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241) >> > at >> > >> > >> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) >> > at >> > >> > >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) >> > at >> > >> > >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) >> > at >> > >> > >> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) >> > at >> > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) >> > at >> > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206) >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) >> > at >> > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262) >> > at >> > >> > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) >> > at >> > >> > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >> > at >> > >> > >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) >> > at >> > >> > >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) >> > at >> > >> > >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) >> > at >> > >> > >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) >> > at >> > >> > >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) >> > at >> > >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) >> > at >> > >> > >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) >> > at >> > >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) >> > at >> > >> > >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) >> > at >> > >> > >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) >> > at >> > >> > >> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) >> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) >> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) >> > at java.lang.Thread.run(Unknown Source) >> > Caused by: org.apache.ws.security.WSSecurityException: The signature or >> > decryption was invalid >> > at >> > >> > >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450) >> > at >> > >> > >> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) >> > at >> > >> > >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270) >> > ... 28 test >> > >> > >> > Can anyone help me identify if I am missing anything while configuring >> > WSS4J in apache cxf, so that I can use same client to access cxf web >> > service? >> > >> > Thanks for your time and help. >> > >> > Regards, Puneet. >> > >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
