Without running the project, one immediate error I see is that you are including XML Security 2.0.0. This is not compatible with WSS4J 1.6.x or CXF 2.7.x. WSS4J + XML Security will get pulled in from the cxf-rt-ws-security dependency anyway, so just remove WSS4J + XML Security from the pom + see if this works.
Colm.

On Wed, Aug 6, 2014 at 7:40 AM, Puneet Gupta <[email protected]> wrote:

> Hi Colm,
>
> Please find attached zip file containing:
>
> 1. A sample service with source code (demo-security.zip).
> 2. A Sample SOAP UI (DemoSecurity-soapui-project.xml) project with
>    security configured in the project itself. (Generally we are using SOAP UI
>    for testing our service in development environment. Using Axis2 we had same
>    configuration in SOAP UI and there wss4j worked for us.)
> 3. Attached zip file also contains a generated client.jks file which you
>    will need to point in your local environment while working through SOAP UI.
> 4. A bat file which contains detailed steps which I followed to generate
>    key stores. I used jdk1.7.0_15 to generate key stores.
>
> Waiting for your response. Any pointers where I am missing the trick is
> highly appreciated.
>
> Regards,
> Puneet.
>
> On Thu, Jul 31, 2014 at 3:01 PM, Puneet Gupta <[email protected]> wrote:
>
>> Also I tried enabling logging information by specifying following
>> property in Tomcat launch configuration, but haven't found anything
>> relevant information there:
>>
>> -Djava.util.logging.config.file=C:\Users\p.gupta\Desktop\logging.properties
>> -Dorg.apache.cxf.Logger=org.apache.cxf.common.logging.Slf4jLogger
>>
>> I have set logging level to Finest in logging.properties.
>>
>> Thanks, Puneet.
>>
>> On Thu, Jul 31, 2014 at 2:58 PM, Puneet Gupta <[email protected]> wrote:
>>
>>> Hi Colm,
>>>
>>> Can you please help me understand what exactly you want in sample test
>>> case. Should I send you a sample project with all current configuration and
>>> a sample client in which I am facing this issue? Would that be sufficient?
>>>
>>> Please note that I am using SOAP UI as testing tool for my service. I am
>>> getting "BSP" error on client that is created in SOAP UI. I haven't
>>> tried creating a CXF client yet.
>>>
>>> Thanks for your patience.
>>>
>>> Puneet.
>>>
>>> On Tue, Jul 22, 2014 at 2:57 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Your approach of adding the security properties as "jaxws:properties" for
>>>> the Endpoint is correct. If you are still seeing the error at
>>>> "org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature"
>>>> then I recommend turning logging up to "DEBUG" setting + having a look.
>>>> This will tell you exactly where/why signature validation is failing. The
>>>> likelihood is that the signing certificate is not trusted by the service
>>>> endpoint. If you are still really stuck, then if you create a test-case to
>>>> reproduce the problem I will take a look.
>>>>
>>>> With regards to the "BSP" error, could you paste the content of the
>>>> EncryptedKey structure in the security header into a mail? Is the client a
>>>> CXF client or a third party product? This type of error occurs when no
>>>> "ValueType" attribute is present (or the wrong one is used), which is
>>>> required by the Basic Security Profile specification.
>>>>
>>>> Colm.
>>>>
>>>> On Mon, Jul 21, 2014 at 1:33 PM, Puneet Gupta <[email protected]> wrote:
>>>>
>>>> > Hi Colm,
>>>> >
>>>> > Thanks for investing time in this. My problem is I need to define security
>>>> > at server end. I do have ws-policy.xml but that file does not have set of
>>>> > properties that can define WSS4J configuration. Can you please help me
>>>> > identify how I can define WSS4J related properties on server side.
>>>> > Following your suggestions I have tried putting mentioned properties in
>>>> > cxf-servlet.xml in below mentioned way (keeping ws-policy.xml same as
>>>> > before):
>>>> >
>>>> > <jaxws:endpoint address="/WSService">
>>>> >   <jaxws:implementor>
>>>> >     <bean id="WSService" class="com.test.webservice.WSService" />
>>>> >   </jaxws:implementor>
>>>> >   <jaxws:inInterceptors>
>>>> >     <bean class="com.test.webservice.AuthHandler"/>
>>>> >   </jaxws:inInterceptors>
>>>> >   <jaxws:outInterceptors>
>>>> >     <bean class="com.test.webservice.LogHandler"/>
>>>> >   </jaxws:outInterceptors>
>>>> >   <jaxws:properties>
>>>> >     <entry key="ws-security.callback-handler" value="com.test.webservice.PWCBHandler" />
>>>> >     <entry key="ws-security.encryption.properties" value="service.properties" />
>>>> >     <entry key="ws-security.encryption.username" value="service" />
>>>> >     <entry key="ws-security.signature.properties" value="service.properties" />
>>>> >     <entry key="ws-security.signature.username" value="service" />
>>>> >     *<entry key="ws-security.is-bsp-compliant" value="false" />*
>>>> >   </jaxws:properties>
>>>> > </jaxws:endpoint>
>>>> >
>>>> > But doing these changes still I am facing the same problem. Also if I am
>>>> > not putting highlighted property in cxf-servlet.xml then I am facing below
>>>> > mentioned issue
>>>> >
>>>> > Caused by: org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
>>>> >     at org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)
>>>> >     at org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)
>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)
>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)
>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
>>>> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>> >
>>>> > Just want to confirm why we need to put this property in cxf-servlet.xml.
>>>> > Is this the best approach or there is something I am missing.
>>>> >
>>>> > Thanks again for your time. Looking forward for your response.
>>>> >
>>>> > Thanks, Puneet,
>>>> >
>>>> > On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>> >
>>>> >> Hi,
>>>> >>
>>>> >> You are mixing up the two different ways of configuring WS-Security in
>>>> >> CXF. The "action" based approach involves defining WSS4JOutInterceptor +
>>>> >> WSS4JInInterceptors + explicitly adding them to the interceptor chain.
>>>> >> However, when you have a security policy, you don't need to do any of this
>>>> >> as CXF will take care of configuring WSS4J for you. In this case, you just
>>>> >> need to define some JAX-WS properties (keystores etc.). For example, see
>>>> >> the following test configuration:
>>>> >>
>>>> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes
>>>> >>
>>>> >> e.g.
>>>> >>
>>>> >> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort"
>>>> >>     createdFromAPI="true">
>>>> >>   <jaxws:properties>
>>>> >>     <entry key="ws-security.callback-handler"
>>>> >>         value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
>>>> >>     <entry key="ws-security.encryption.properties" value="bob.properties"/>
>>>> >>     <entry key="ws-security.encryption.username" value="bob"/>
>>>> >>     <entry key="ws-security.signature.properties" value="alice.properties"/>
>>>> >>     <entry key="ws-security.signature.username" value="alice"/>
>>>> >>   </jaxws:properties>
>>>> >> </jaxws:client>
>>>> >>
>>>> >> Colm.
>>>> >>
>>>> >> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta <[email protected]> wrote:
>>>> >>
>>>> >> > Hi All,
>>>> >> >
>>>> >> > I am migrating from Axis2 Web Services to Apache CXF.
>>>> >> > In axis2, I had configured security using Rampart and I have
>>>> >> > configured it using following policy settings:
>>>> >> >
>>>> >> > <wsp:Policy wsu:Id="SigEncr"
>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>> >> >   <wsp:ExactlyOne>
>>>> >> >     <wsp:All>
>>>> >> >       <sp:AsymmetricBinding
>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >         <wsp:Policy>
>>>> >> >           <sp:InitiatorToken>
>>>> >> >             <wsp:Policy>
>>>> >> >               <sp:X509Token
>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>> >> >                 <wsp:Policy>
>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>> >> >                   <sp:WssX509V3Token10 />
>>>> >> >                 </wsp:Policy>
>>>> >> >               </sp:X509Token>
>>>> >> >             </wsp:Policy>
>>>> >> >           </sp:InitiatorToken>
>>>> >> >           <sp:RecipientToken>
>>>> >> >             <wsp:Policy>
>>>> >> >               <sp:X509Token
>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>> >> >                 <wsp:Policy>
>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>> >> >                   <sp:WssX509V3Token10 />
>>>> >> >                 </wsp:Policy>
>>>> >> >               </sp:X509Token>
>>>> >> >             </wsp:Policy>
>>>> >> >           </sp:RecipientToken>
>>>> >> >           <sp:AlgorithmSuite>
>>>> >> >             <wsp:Policy>
>>>> >> >               <sp:TripleDesRsa15 />
>>>> >> >             </wsp:Policy>
>>>> >> >           </sp:AlgorithmSuite>
>>>> >> >           <sp:Layout>
>>>> >> >             <wsp:Policy>
>>>> >> >               <sp:Strict />
>>>> >> >             </wsp:Policy>
>>>> >> >           </sp:Layout>
>>>> >> >           <sp:IncludeTimestamp />
>>>> >> >           <sp:OnlySignEntireHeadersAndBody />
>>>> >> >         </wsp:Policy>
>>>> >> >       </sp:AsymmetricBinding>
>>>> >> >       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >         <wsp:Policy>
>>>> >> >           <sp:MustSupportRefKeyIdentifier />
>>>> >> >           <sp:MustSupportRefIssuerSerial />
>>>> >> >         </wsp:Policy>
>>>> >> >       </sp:Wss10>
>>>> >> >       <sp:SignedParts
>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >         <sp:Body />
>>>> >> >       </sp:SignedParts>
>>>> >> >       <sp:EncryptedParts
>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >         <sp:Body />
>>>> >> >       </sp:EncryptedParts>
>>>> >> >
>>>> >> >       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>> >> >         <ramp:user>service</ramp:user>
>>>> >> >         <ramp:encryptionUser>client</ramp:encryptionUser>
>>>> >> >         <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>
>>>> >> >
>>>> >> >         <ramp:signatureCrypto>
>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>> >> >           </ramp:crypto>
>>>> >> >         </ramp:signatureCrypto>
>>>> >> >         <ramp:encryptionCypto>
>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>> >> >           </ramp:crypto>
>>>> >> >         </ramp:encryptionCypto>
>>>> >> >       </ramp:RampartConfig>
>>>> >> >     </wsp:All>
>>>> >> >   </wsp:ExactlyOne>
>>>> >> > </wsp:Policy>
>>>> >> >
>>>> >> > In Apache CXF, I am trying to configure the security following below steps:
>>>> >> >
>>>> >> > 1. I have created as ws-policy.xml file and is placed under WEB-INF/classes
>>>> >> > folder. I am providing this policy file to service class using @Policies
>>>> >> > annotation.
>>>> >> > Ex:
>>>> >> >
>>>> >> > @Policy(uri = "ws-policy.xml")
>>>> >> > @WebService(targetNamespace = "http://webservice.test.com", name = "WSServicePortType")
>>>> >> > public class WSService {
>>>> >> >     // Service method goes here.
>>>> >> > }
>>>> >> >
>>>> >> > Contents of ws-policy.xml is as follows:
>>>> >> >
>>>> >> > <wsp:Policy
>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>> >> >
>>>> >> >   <sp:AsymmetricBinding
>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >     <wsp:Policy>
>>>> >> >       <sp:InitiatorToken>
>>>> >> >         <wsp:Policy>
>>>> >> >           <sp:X509Token
>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>> >> >             <wsp:Policy>
>>>> >> >               <sp:RequireIssuerSerialReference />
>>>> >> >             </wsp:Policy>
>>>> >> >           </sp:X509Token>
>>>> >> >         </wsp:Policy>
>>>> >> >       </sp:InitiatorToken>
>>>> >> >       <sp:RecipientToken>
>>>> >> >         <wsp:Policy>
>>>> >> >           <sp:X509Token
>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>> >> >             <wsp:Policy>
>>>> >> >               <sp:RequireIssuerSerialReference />
>>>> >> >             </wsp:Policy>
>>>> >> >           </sp:X509Token>
>>>> >> >         </wsp:Policy>
>>>> >> >       </sp:RecipientToken>
>>>> >> >       <sp:AlgorithmSuite>
>>>> >> >         <wsp:Policy>
>>>> >> >           <sp:TripleDesRsa15 />
>>>> >> >         </wsp:Policy>
>>>> >> >       </sp:AlgorithmSuite>
>>>> >> >       <sp:Layout>
>>>> >> >         <wsp:Policy>
>>>> >> >           <sp:Strict />
>>>> >> >         </wsp:Policy>
>>>> >> >       </sp:Layout>
>>>> >> >     </wsp:Policy>
>>>> >> >   </sp:AsymmetricBinding>
>>>> >> >
>>>> >> >   <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >     <wsp:Policy>
>>>> >> >       <sp:MustSupportRefKeyIdentifier />
>>>> >> >       <sp:MustSupportRefIssuerSerial />
>>>> >> >     </wsp:Policy>
>>>> >> >   </sp:Wss10>
>>>> >> >   <sp:SignedParts
>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >     <sp:Body />
>>>> >> >   </sp:SignedParts>
>>>> >> >   <sp:EncryptedParts
>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> >> >     <sp:Body />
>>>> >> >   </sp:EncryptedParts>
>>>> >> > </wsp:Policy>
>>>> >> >
>>>> >> > 2. To configure WSS4J, I am using following snippet in cxf-servlet.xml:
>>>> >> >
>>>> >> > <jaxws:endpoint address="/WSService">
>>>> >> >   <jaxws:implementor>
>>>> >> >     <bean id="WSService" class="com.test.webservice.WSService" />
>>>> >> >   </jaxws:implementor>
>>>> >> >   <jaxws:inInterceptors>
>>>> >> >     <ref bean="wss4jInConfiguration" />
>>>> >> >     <bean class="com.test.webservice.AuthHandler">
>>>> >> >     </bean>
>>>> >> >   </jaxws:inInterceptors>
>>>> >> >   <jaxws:outInterceptors>
>>>> >> >     <ref bean="wss4jOutConfiguration" />
>>>> >> >     <bean class="com.test.webservice.LogHandler">
>>>> >> >     </bean>
>>>> >> >   </jaxws:outInterceptors>
>>>> >> >   <jaxws:properties>
>>>> >> >     <entry key="ws-security.is-bsp-compliant" value="false" />
>>>> >> >   </jaxws:properties>
>>>> >> > </jaxws:endpoint>
>>>> >> >
>>>> >> > <bean id="wss4jInConfiguration"
>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>> >> >   <constructor-arg>
>>>> >> >     <map>
>>>> >> >       <entry key="action" value="Signature Encrypt Timestamp" />
>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>> >> >       <entry key="passwordCallbackClass" value="com.test.webservice.PWCBHandler" />
>>>> >> >     </map>
>>>> >> >   </constructor-arg>
>>>> >> > </bean>
>>>> >> >
>>>> >> > <bean id="wss4jOutConfiguration"
>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>> >> >   <constructor-arg>
>>>> >> >     <map>
>>>> >> >       <entry key="action" value="Timestamp Signature Encrypt" />
>>>> >> >       <entry key="passwordCallbackClass" value="com.test.webservice.PWCBHandler" />
>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>> >> >     </map>
>>>> >> >   </constructor-arg>
>>>> >> > </bean>
>>>> >> >
>>>> >> > service.properties is also present in WEB-INF/classes folder. Its content
>>>> >> > are as below:
>>>> >> >
>>>> >> > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>>> >> > org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>> >> > org.apache.ws.security.crypto.merlin.keystore.password=password
>>>> >> > org.apache.ws.security.crypto.merlin.file=service.jks
>>>> >> >
>>>> >> > Using above configuration I am getting below mentioned exception when I am
>>>> >> > trying to access web service through client which is configured using same
>>>> >> > security setting which I used while I was in axis2:
>>>> >> >
>>>> >> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor ] - org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>> >> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>> >> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>> >> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>> >> >     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>> >> >     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>> >> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>> >> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>> >> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>> >> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>> >> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>> >> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>> >> >     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>> >> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>> >> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>> >> >     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>> >> >     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>> >> >     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>> >> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>> >> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>> >> >     at java.lang.Thread.run(Unknown Source)
>>>> >> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain ] - Interceptor for {http://webservice.test.com}WSAmandaSecurityServiceService#{http://webservice.test.com}authenticateUser has thrown exception, unwinding now
>>>> >> > org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850)
>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>> >> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>> >> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>> >> >     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>> >> >     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>> >> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>> >> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>> >> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>> >> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>> >> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>> >> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>> >> >     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>> >> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>> >> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>> >> >     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>> >> >     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>> >> >     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>> >> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>> >> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>> >> >     at java.lang.Thread.run(Unknown Source)
>>>> >> > Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>> >> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>> >> >     ... 28 test
>>>> >> >
>>>> >> > Can anyone help me identify if I am missing anything while configuring
>>>> >> > WSS4J in apache cxf, so that I can use same client to access cxf web
>>>> >> > service?
>>>> >> >
>>>> >> > Thanks for your time and help.
>>>> >> >
>>>> >> > Regards, Puneet.
>>>> >>
>>>> >> --
>>>> >> Colm O hEigeartaigh
>>>> >>
>>>> >> Talend Community Coder
>>>> >> http://coders.talend.com
>>>>
>>>> --
>>>> Colm O hEigeartaigh
>>>>
>>>> Talend Community Coder
>>>> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
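
The dependency advice in the reply at the top of this thread can be checked mechanically. The script below is an added example, not code from the thread or from the CXF project: it reads non-verbose `mvn dependency:tree` output and flags an XML Security 2.x jar resolved next to WSS4J 1.6.x or CXF 2.7.x, as well as WSS4J or XML Security declared directly beside cxf-rt-ws-security. The two sample trees, every version number other than 2.0.0, and treating all 2.x releases like 2.0.0 are assumptions.

```python
import re

# Maven coordinates of the three libraries named in the reply.
XMLSEC = "org.apache.santuario:xmlsec"
WSS4J = "org.apache.ws.security:wss4j"
CXF_WSSEC = "org.apache.cxf:cxf-rt-ws-security"

# "[INFO] " + tree-drawing prefix (3 characters per nesting level) + coordinates.
TREE_LINE = re.compile(r"^\[INFO\] (?P<prefix>(?:[|+\\ ](?:- |  ))*)(?P<coords>\S+:\S+)")

# Constructed sample: WSS4J and XML Security 2.0.0 declared directly in the pom.
BAD_TREE = r"""
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ demo-security ---
[INFO] com.test:demo-security:war:1.0
[INFO] +- org.apache.cxf:cxf-rt-ws-security:jar:2.7.11:compile
[INFO] |  \- org.apache.cxf:cxf-api:jar:2.7.11:compile
[INFO] +- org.apache.ws.security:wss4j:jar:1.6.15:compile
[INFO] \- org.apache.santuario:xmlsec:jar:2.0.0:compile
"""

# Constructed sample: both libraries arrive only through cxf-rt-ws-security.
GOOD_TREE = r"""
[INFO] com.test:demo-security:war:1.0
[INFO] \- org.apache.cxf:cxf-rt-ws-security:jar:2.7.11:compile
[INFO]    +- org.apache.ws.security:wss4j:jar:1.6.15:compile
[INFO]    |  \- org.apache.santuario:xmlsec:jar:1.5.6:compile
[INFO]    \- org.apache.cxf:cxf-api:jar:2.7.11:compile
"""


def parse_tree(text):
    """Return (depth, 'group:artifact', version) for every artifact line."""
    deps = []
    for line in text.splitlines():
        m = TREE_LINE.match(line)
        if not m:
            continue  # plugin banner, build summary, blank line
        parts = m.group("coords").split(":")
        if len(parts) < 4:
            continue  # not group:artifact:type:version[:scope]
        # Root line is g:a:type:version; dependencies end with :version:scope.
        version = parts[3] if len(parts) == 4 else parts[-2]
        depth = len(m.group("prefix")) // 3
        deps.append((depth, parts[0] + ":" + parts[1], version))
    return deps


def major(version):
    """Leading numeric component of a version string, or -1 if there is none."""
    m = re.match(r"\d+", version)
    return int(m.group()) if m else -1


def check(text):
    """Return a list of (rule, detail) findings for one dependency tree."""
    deps = parse_tree(text)
    resolved = {ga: ver for _, ga, ver in deps}
    direct = {ga for depth, ga, _ in deps if depth == 1}  # declared in the pom
    findings = []

    # Rule 1: XML Security 2.x resolved together with WSS4J 1.6.x / CXF 2.7.x.
    xmlsec = resolved.get(XMLSEC)
    if xmlsec and major(xmlsec) >= 2:
        for ga, series in ((WSS4J, "1.6."), (CXF_WSSEC, "2.7.")):
            ver = resolved.get(ga, "")
            if ver.startswith(series):
                findings.append(("incompatible", f"{XMLSEC}:{xmlsec} with {ga}:{ver}"))

    # Rule 2: cxf-rt-ws-security already pulls both in, so a direct
    # declaration only creates the chance to override its versions.
    if CXF_WSSEC in resolved:
        for ga in (WSS4J, XMLSEC):
            if ga in direct:
                findings.append(("declared-directly", ga))
    return findings


if __name__ == "__main__":
    for name, tree in (("bad", BAD_TREE), ("good", GOOD_TREE)):
        print(name, check(tree) or "no findings")
```
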
