Hi Colm,

Following your suggestion I have removed WSS4J+XML Sec from pom.xml. Now the
dependencies included by cxf-rt-ws-security are wss4j-1.6.15 and xmlsec-1.5.6
respectively. But I am getting the same exception I was getting earlier:

Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
    ... 29 more

Sorry to keep bothering you. Please guide me further.

Regards,
Puneet.

On Wed, Aug 6, 2014 at 8:07 PM, Colm O hEigeartaigh <[email protected]> wrote:

> Without running the project, one immediate error I see is that you are
> including XML Security 2.0.0. This is not compatible with WSS4J 1.6.x or
> CXF 2.7.x. WSS4J + XML Security will get pulled in from the
> cxf-rt-ws-security dependency anyway, so just remove WSS4J + XML Security
> from the pom + see if this works.
>
> Colm.
>
> On Wed, Aug 6, 2014 at 7:40 AM, Puneet Gupta <[email protected]> wrote:
>
>> Hi Colm,
>>
>> Please find attached zip file containing:
>>
>> 1. A sample service with source code(demo-security.zip).
>> 2. A Sample SOAP UI (DemoSecurity-soapui-project.xml) project with
>> security configured in the project itself. (Generally we are using SOAP UI
>> for testing our service in development environment. Using Axis2 we had same
>> configuration in SOAP UI and there wss4j worked for us.)
>> 3. Attached zip file also contains a generated client.jks file which you
>> will need to point in your local environment while working through SOAP UI.
>> 4. A bat file which contains detailed steps which I followed to generate
>> key stores. I used jdk1.7.0_15 to generate key stores.
>>
>> Waiting for your response. Any pointers where I am missing the trick is
>> highly appreciated.
>>
>> Regards,
>> Puneet.
>>
>> On Thu, Jul 31, 2014 at 3:01 PM, Puneet Gupta <[email protected]> wrote:
>>
>>> Also I tried enabling logging information by specifying following
>>> property in Tomcat launch configuration, but haven't found anything
>>> relevant information there:
>>>
>>> -Djava.util.logging.config.file=C:\Users\p.gupta\Desktop\logging.properties
>>> -Dorg.apache.cxf.Logger=org.apache.cxf.common.logging.Slf4jLogger
>>>
>>> I have set logging level to Finest in logging.properties.
>>>
>>> Thanks, Puneet.
>>>
>>> On Thu, Jul 31, 2014 at 2:58 PM, Puneet Gupta <[email protected]> wrote:
>>>
>>>> Hi Colm,
>>>>
>>>> Can you please help me understand what exactly you want in sample test
>>>> case. Should I send you a sample project with all current configuration and
>>>> a sample client in which I am facing this issue? Would that be sufficient?
>>>>
>>>> Please note that I am using SOAP UI as testing tool for my service. I
>>>> am getting "BSP" error on client that is created in SOAP UI. I haven't
>>>> tried creating a CXF client yet.
>>>>
>>>> Thanks for your patience.
>>>>
>>>> Puneet.
>>>>
>>>> On Tue, Jul 22, 2014 at 2:57 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Your approach of adding the security properties as "jaxws:properties"
>>>>> for the Endpoint is correct. If you are still seeing the error at
>>>>> "org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature"
>>>>> then I recommend turning logging up to "DEBUG" setting + having a look.
>>>>> This will tell you exactly where/why signature validation is failing.
>>>>> The likelihood is that the signing certificate is not trusted by the
>>>>> service endpoint. If you are still really stuck, then if you create a
>>>>> test-case to reproduce the problem I will take a look.
>>>>>
>>>>> With regards to the "BSP" error, could you paste the content of the
>>>>> EncryptedKey structure in the security header into a mail? Is the
>>>>> client a CXF client or a third party product? This type of error occurs
>>>>> when no "ValueType" attribute is present (or the wrong one is used),
>>>>> which is required by the Basic Security Profile specification.
>>>>>
>>>>> Colm.
>>>>>
>>>>> On Mon, Jul 21, 2014 at 1:33 PM, Puneet Gupta <[email protected]> wrote:
>>>>>
>>>>> > Hi Colm,
>>>>> >
>>>>> > Thanks for investing time in this. My problem is I need to define
>>>>> > security at server end. I do have ws-policy.xml but that file does not
>>>>> > have set of properties that can define WSS4J configuration. Can you
>>>>> > please help me identify how I can define WSS4J related properties on
>>>>> > server side. Following your suggestions I have tried putting mentioned
>>>>> > properties in cxf-servlet.xml in below mentioned way (keeping
>>>>> > ws-policy.xml same as before):
>>>>> >
>>>>> > <jaxws:endpoint address="/WSService">
>>>>> >   <jaxws:implementor>
>>>>> >     <bean id="WSService"
>>>>> >         class="com.test.webservice.WSService" />
>>>>> >   </jaxws:implementor>
>>>>> >   <jaxws:inInterceptors>
>>>>> >     <bean class="com.test.webservice.AuthHandler"/>
>>>>> >   </jaxws:inInterceptors>
>>>>> >   <jaxws:outInterceptors>
>>>>> >     <bean class="com.test.webservice.LogHandler"/>
>>>>> >   </jaxws:outInterceptors>
>>>>> >   <jaxws:properties>
>>>>> >     <entry key="ws-security.callback-handler" value="com.test.webservice.PWCBHandler" />
>>>>> >     <entry key="ws-security.encryption.properties" value="service.properties" />
>>>>> >     <entry key="ws-security.encryption.username" value="service" />
>>>>> >     <entry key="ws-security.signature.properties" value="service.properties" />
>>>>> >     <entry key="ws-security.signature.username" value="service" />
>>>>> >     *<entry key="ws-security.is-bsp-compliant" value="false" />*
>>>>> >   </jaxws:properties>
>>>>> > </jaxws:endpoint>
>>>>> >
>>>>> > But doing these changes still I am facing the same problem. Also if I am
>>>>> > not putting highlighted property in cxf-servlet.xml then I am facing
>>>>> > below mentioned issue
>>>>> >
>>>>> > Caused by: org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
>>>>> >     at org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)
>>>>> >     at org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)
>>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)
>>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)
>>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
>>>>> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>> >
>>>>> > Just want to confirm why we need to put this property in cxf-servlet.xml.
>>>>> > Is this the best approach or there is something I am missing.
>>>>> >
>>>>> > Thanks again for your time. Looking forward for your response.
>>>>> >
>>>>> > Thanks, Puneet,
>>>>> >
>>>>> > On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>>> >
>>>>> >> Hi,
>>>>> >>
>>>>> >> You are mixing up the two different ways of configuring WS-Security in
>>>>> >> CXF. The "action" based approach involves defining WSS4JOutInterceptor +
>>>>> >> WSS4JInInterceptors + explicitly adding them to the interceptor chain.
>>>>> >> However, when you have a security policy, you don't need to do any of
>>>>> >> this as CXF will take care of configuring WSS4J for you. In this case,
>>>>> >> you just need to define some JAX-WS properties (keystores etc.). For
>>>>> >> example, see the following test configuration:
>>>>> >>
>>>>> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes
>>>>> >>
>>>>> >> e.g.
>>>>> >>
>>>>> >> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort"
>>>>> >>     createdFromAPI="true">
>>>>> >>   <jaxws:properties>
>>>>> >>     <entry key="ws-security.callback-handler"
>>>>> >>         value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
>>>>> >>     <entry key="ws-security.encryption.properties" value="bob.properties"/>
>>>>> >>     <entry key="ws-security.encryption.username" value="bob"/>
>>>>> >>     <entry key="ws-security.signature.properties" value="alice.properties"/>
>>>>> >>     <entry key="ws-security.signature.username" value="alice"/>
>>>>> >>   </jaxws:properties>
>>>>> >> </jaxws:client>
>>>>> >>
>>>>> >> Colm.
>>>>> >>
>>>>> >> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta <[email protected]> wrote:
>>>>> >>
>>>>> >> > Hi All,
>>>>> >> >
>>>>> >> > I am migrating from Axis2 Web Services to Apache CXF.
>>>>> >> > In axis2, I had configured security using Rampart and I have
>>>>> >> > configured it using following policy settings:
>>>>> >> >
>>>>> >> > <wsp:Policy wsu:Id="SigEncr"
>>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>> >> >   <wsp:ExactlyOne>
>>>>> >> >     <wsp:All>
>>>>> >> >       <sp:AsymmetricBinding
>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >         <wsp:Policy>
>>>>> >> >           <sp:InitiatorToken>
>>>>> >> >             <wsp:Policy>
>>>>> >> >               <sp:X509Token
>>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>> >> >                 <wsp:Policy>
>>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>>> >> >                   <sp:WssX509V3Token10 />
>>>>> >> >                 </wsp:Policy>
>>>>> >> >               </sp:X509Token>
>>>>> >> >             </wsp:Policy>
>>>>> >> >           </sp:InitiatorToken>
>>>>> >> >           <sp:RecipientToken>
>>>>> >> >             <wsp:Policy>
>>>>> >> >               <sp:X509Token
>>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>>> >> >                 <wsp:Policy>
>>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>>> >> >                   <sp:WssX509V3Token10 />
>>>>> >> >                 </wsp:Policy>
>>>>> >> >               </sp:X509Token>
>>>>> >> >             </wsp:Policy>
>>>>> >> >           </sp:RecipientToken>
>>>>> >> >           <sp:AlgorithmSuite>
>>>>> >> >             <wsp:Policy>
>>>>> >> >               <sp:TripleDesRsa15 />
>>>>> >> >             </wsp:Policy>
>>>>> >> >           </sp:AlgorithmSuite>
>>>>> >> >           <sp:Layout>
>>>>> >> >             <wsp:Policy>
>>>>> >> >               <sp:Strict />
>>>>> >> >             </wsp:Policy>
>>>>> >> >           </sp:Layout>
>>>>> >> >           <sp:IncludeTimestamp />
>>>>> >> >           <sp:OnlySignEntireHeadersAndBody />
>>>>> >> >         </wsp:Policy>
>>>>> >> >       </sp:AsymmetricBinding>
>>>>> >> >       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >         <wsp:Policy>
>>>>> >> >           <sp:MustSupportRefKeyIdentifier />
>>>>> >> >           <sp:MustSupportRefIssuerSerial />
>>>>> >> >         </wsp:Policy>
>>>>> >> >       </sp:Wss10>
>>>>> >> >       <sp:SignedParts
>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >         <sp:Body />
>>>>> >> >       </sp:SignedParts>
>>>>> >> >       <sp:EncryptedParts
>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >         <sp:Body />
>>>>> >> >       </sp:EncryptedParts>
>>>>> >> >
>>>>> >> >       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>>> >> >         <ramp:user>service</ramp:user>
>>>>> >> >         <ramp:encryptionUser>client</ramp:encryptionUser>
>>>>> >> >         <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>
>>>>> >> >
>>>>> >> >         <ramp:signatureCrypto>
>>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>>> >> >             <ramp:property
>>>>> >> >                 name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>> >> >             <ramp:property
>>>>> >> >                 name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>> >> >             <ramp:property
>>>>> >> >                 name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>>> >> >           </ramp:crypto>
>>>>> >> >         </ramp:signatureCrypto>
>>>>> >> >         <ramp:encryptionCypto>
>>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>>> >> >             <ramp:property
>>>>> >> >                 name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>> >> >             <ramp:property
>>>>> >> >                 name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>> >> >             <ramp:property
>>>>> >> >                 name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>>> >> >           </ramp:crypto>
>>>>> >> >         </ramp:encryptionCypto>
>>>>> >> >       </ramp:RampartConfig>
>>>>> >> >     </wsp:All>
>>>>> >> >   </wsp:ExactlyOne>
>>>>> >> > </wsp:Policy>
>>>>> >> >
>>>>> >> > In Apache CXF, I am trying to configure the security following below
>>>>> >> > steps:
>>>>> >> >
>>>>> >> > 1. I have created as ws-policy.xml file and is placed under
>>>>> >> > WEB-INF/classes folder. I am providing this policy file to service
>>>>> >> > class using @Policies annotation. Ex:
>>>>> >> >
>>>>> >> > @Policy(uri = "ws-policy.xml")
>>>>> >> > @WebService(targetNamespace = "http://webservice.test.com", name = "WSServicePortType")
>>>>> >> > public class WSService {
>>>>> >> > //Service method goes here.
>>>>> >> > }
>>>>> >> >
>>>>> >> > Contents of ws-policy.xml is as follows:
>>>>> >> >
>>>>> >> > <wsp:Policy
>>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>> >> >
>>>>> >> >   <sp:AsymmetricBinding
>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >     <wsp:Policy>
>>>>> >> >       <sp:InitiatorToken>
>>>>> >> >         <wsp:Policy>
>>>>> >> >           <sp:X509Token
>>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>> >> >             <wsp:Policy>
>>>>> >> >               <sp:RequireIssuerSerialReference />
>>>>> >> >             </wsp:Policy>
>>>>> >> >           </sp:X509Token>
>>>>> >> >         </wsp:Policy>
>>>>> >> >       </sp:InitiatorToken>
>>>>> >> >       <sp:RecipientToken>
>>>>> >> >         <wsp:Policy>
>>>>> >> >           <sp:X509Token
>>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>> >> >             <wsp:Policy>
>>>>> >> >               <sp:RequireIssuerSerialReference />
>>>>> >> >             </wsp:Policy>
>>>>> >> >           </sp:X509Token>
>>>>> >> >         </wsp:Policy>
>>>>> >> >       </sp:RecipientToken>
>>>>> >> >       <sp:AlgorithmSuite>
>>>>> >> >         <wsp:Policy>
>>>>> >> >           <sp:TripleDesRsa15 />
>>>>> >> >         </wsp:Policy>
>>>>> >> >       </sp:AlgorithmSuite>
>>>>> >> >       <sp:Layout>
>>>>> >> >         <wsp:Policy>
>>>>> >> >           <sp:Strict />
>>>>> >> >         </wsp:Policy>
>>>>> >> >       </sp:Layout>
>>>>> >> >     </wsp:Policy>
>>>>> >> >   </sp:AsymmetricBinding>
>>>>> >> >
>>>>> >> >   <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >     <wsp:Policy>
>>>>> >> >       <sp:MustSupportRefKeyIdentifier />
>>>>> >> >       <sp:MustSupportRefIssuerSerial />
>>>>> >> >     </wsp:Policy>
>>>>> >> >   </sp:Wss10>
>>>>> >> >   <sp:SignedParts
>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >     <sp:Body />
>>>>> >> >   </sp:SignedParts>
>>>>> >> >   <sp:EncryptedParts
>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>> >> >     <sp:Body />
>>>>> >> >   </sp:EncryptedParts>
>>>>> >> > </wsp:Policy>
>>>>> >> >
>>>>> >> > 2. To configure WSS4J, I am using following snippet in cxf-servlet.xml:
>>>>> >> >
>>>>> >> > <jaxws:endpoint address="/WSService">
>>>>> >> >   <jaxws:implementor>
>>>>> >> >     <bean id="WSService"
>>>>> >> >         class="com.test.webservice.WSService" />
>>>>> >> >   </jaxws:implementor>
>>>>> >> >   <jaxws:inInterceptors>
>>>>> >> >     <ref bean="wss4jInConfiguration" />
>>>>> >> >     <bean class="com.test.webservice.AuthHandler">
>>>>> >> >     </bean>
>>>>> >> >   </jaxws:inInterceptors>
>>>>> >> >   <jaxws:outInterceptors>
>>>>> >> >     <ref bean="wss4jOutConfiguration" />
>>>>> >> >     <bean class="com.test.webservice.LogHandler">
>>>>> >> >     </bean>
>>>>> >> >   </jaxws:outInterceptors>
>>>>> >> >   <jaxws:properties>
>>>>> >> >     <entry key="ws-security.is-bsp-compliant" value="false" />
>>>>> >> >   </jaxws:properties>
>>>>> >> > </jaxws:endpoint>
>>>>> >> >
>>>>> >> > <bean id="wss4jInConfiguration"
>>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>>> >> >   <constructor-arg>
>>>>> >> >     <map>
>>>>> >> >       <entry key="action" value="Signature Encrypt Timestamp" />
>>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>>> >> >       <entry key="passwordCallbackClass"
>>>>> >> >           value="com.test.webservice.PWCBHandler" />
>>>>> >> >     </map>
>>>>> >> >   </constructor-arg>
>>>>> >> > </bean>
>>>>> >> >
>>>>> >> > <bean id="wss4jOutConfiguration"
>>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>>> >> >   <constructor-arg>
>>>>> >> >     <map>
>>>>> >> >       <entry key="action" value="Timestamp Signature Encrypt" />
>>>>> >> >       <entry key="passwordCallbackClass"
>>>>> >> >           value="com.test.webservice.PWCBHandler" />
>>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>>> >> >     </map>
>>>>> >> >   </constructor-arg>
>>>>> >> > </bean>
>>>>> >> >
>>>>> >> > service.properties is also present in WEB-INF/classes folder. Its
>>>>> >> > content are as below:
>>>>> >> >
>>>>> >> > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>>>> >> > org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>>> >> > org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>> >> > org.apache.ws.security.crypto.merlin.file=service.jks
>>>>> >> >
>>>>> >> > Using above configuration I am getting below mentioned exception when
>>>>> >> > I am trying to access web service through client which is configured
>>>>> >> > using same security setting which I used while I was in axis2:
>>>>> >> >
>>>>> >> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor ] - org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>>> >> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>>> >> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>> >> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>> >> >     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>> >> >     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>>> >> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>> >> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>> >> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>> >> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>> >> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>> >> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>> >> >     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>> >> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>> >> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>> >> >     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>> >> >     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>> >> >     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>>> >> >     at java.lang.Thread.run(Unknown Source)
>>>>> >> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain ] - Interceptor for {http://webservice.test.com}WSAmandaSecurityServiceService#{http://webservice.test.com}authenticateUser has thrown exception, unwinding now
>>>>> >> > org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850)
>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>>> >> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>> >> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>> >> >     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>> >> >     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>>> >> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>> >> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>> >> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>> >> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>> >> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>> >> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>> >> >     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>> >> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>> >> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>> >> >     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>> >> >     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>> >> >     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>>> >> >     at java.lang.Thread.run(Unknown Source)
>>>>> >> > Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>>> >> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>> >> >     ... 28 test
>>>>> >> >
>>>>> >> > Can anyone help me identify if I am missing anything while configuring
>>>>> >> > WSS4J in apache cxf, so that I can use same client to access cxf web
>>>>> >> > service?
>>>>> >> >
>>>>> >> > Thanks for your time and help.
>>>>> >> >
>>>>> >> > Regards, Puneet.
>>>>> >> >
>>>>> >>
>>>>> >> --
>>>>> >> Colm O hEigeartaigh
>>>>> >>
>>>>> >> Talend Community Coder
>>>>> >> http://coders.talend.com
>>>>> >>
>>>>> >
>>>>>
>>>>> --
>>>>> Colm O hEigeartaigh
>>>>>
>>>>> Talend Community Coder
>>>>> http://coders.talend.com
>>>>>
>>>>
>>>
>>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
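
Colm's reply of Jul 22 names an untrusted signing certificate as the likely cause of the verifyXMLSignature failure. The Java program below is an added example, not part of the thread and not CXF or WSS4J code: it reports whether the certificate stored under a client keystore alias is present in the service keystore, either itself or through its issuer. The class name, the arguments and the two trust conditions are assumptions made for illustration and a simplification rather than WSS4J's own validation logic; both keystores are assumed to be JKS, as in the thread.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not from the thread): is the certificate the client signs with
// known to the keystore the service verifies signatures against?
public class SignerTrustCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // keystore type used in the thread
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Alias of an entry whose subject matches the signer's issuer and whose
    // public key verifies the signer's certificate, or null if there is none.
    static String findIssuer(KeyStore store, X509Certificate signer) throws Exception {
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate candidate = (X509Certificate) c;
            if (!candidate.getSubjectX500Principal().equals(signer.getIssuerX500Principal())) {
                continue;
            }
            try {
                signer.verify(candidate.getPublicKey());
                return alias;
            } catch (GeneralSecurityException e) {
                // Same name but a different key: not the issuer, keep looking.
            }
        }
        return null;
    }

    // Prompt instead of taking passwords as arguments, so they stay out of
    // shell history and process listings.
    static char[] ask(Console console, String what) {
        return console.readPassword("Password for %s: ", what);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java SignerTrustCheck <client.jks> <signing-alias> <service.jks>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) {
            System.err.println("run from an interactive terminal so passwords can be prompted for");
            System.exit(2);
        }
        KeyStore client = load(args[0], ask(console, args[0]));
        KeyStore service = load(args[2], ask(console, args[2]));

        Certificate c = client.getCertificate(args[1]);
        if (!(c instanceof X509Certificate)) {
            System.err.println("no X.509 certificate under alias '" + args[1] + "' in " + args[0]);
            System.exit(2);
        }
        X509Certificate signer = (X509Certificate) c;
        System.out.println("signer subject: " + signer.getSubjectX500Principal());
        System.out.println("signer issuer : " + signer.getIssuerX500Principal());
        System.out.println("signer serial : " + signer.getSerialNumber().toString(16));

        boolean valid = true;
        try {
            signer.checkValidity(); // an expired or not-yet-valid certificate fails too
        } catch (CertificateException e) {
            valid = false;
            System.out.println("validity      : FAILED (" + e.getMessage() + ")");
        }

        String exact = service.getCertificateAlias(signer);
        String issuer = exact == null ? findIssuer(service, signer) : null;
        if (exact != null) {
            System.out.println("service keystore holds this certificate as alias '" + exact + "'");
        } else if (issuer != null) {
            System.out.println("service keystore holds the issuer as alias '" + issuer + "'");
        } else {
            System.out.println("service keystore holds neither the certificate nor its issuer");
        }
        System.exit(valid && (exact != null || issuer != null) ? 0 : 1);
    }
}
```

Run it as `java SignerTrustCheck client.jks <signing-alias> service.jks`; exit status 0 means the service keystore holds the signer's certificate or its issuer and the certificate is within its validity period.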
