Hi Colm,

I know you were on vacation last week, but if you can find some time to look into it, it will be highly appreciated.

Regards, Puneet.

On Fri, Aug 8, 2014 at 10:46 AM, Puneet Gupta <[email protected]> wrote:

> I am also attaching modified project. Please use it if required.
>
> Thanks.
>
> On Fri, Aug 8, 2014 at 10:45 AM, Puneet Gupta <[email protected]> wrote:
>
>> Hi Colm,
>>
>> Following your suggestion I have removed WSS4J+XML Sec from pom.xml. Now the dependencies included by cxf-rt-ws-security are wss4j-1.6.15 and xmlsec-1.5.6 respectively. But I am getting the same exception I was getting earlier:
>>
>> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)
>>     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>     ... 29 more
>>
>> Sorry to keep bothering you. Please guide me further.
>>
>> Regards, Puneet.
>>
>> On Wed, Aug 6, 2014 at 8:07 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>
>>> Without running the project, one immediate error I see is that you are including XML Security 2.0.0. This is not compatible with WSS4J 1.6.x or CXF 2.7.x. WSS4J + XML Security will get pulled in from the cxf-rt-ws-security dependency anyway, so just remove WSS4J + XML Security from the pom + see if this works.
>>>
>>> Colm.
>>>
>>> On Wed, Aug 6, 2014 at 7:40 AM, Puneet Gupta <[email protected]> wrote:
>>>
>>>> Hi Colm,
>>>>
>>>> Please find attached zip file containing:
>>>>
>>>> 1. A sample service with source code (demo-security.zip).
>>>> 2. A sample SOAP UI (DemoSecurity-soapui-project.xml) project with security configured in the project itself. (Generally we are using SOAP UI for testing our service in development environment. Using Axis2 we had same configuration in SOAP UI and there wss4j worked for us.)
>>>> 3. Attached zip file also contains a generated client.jks file which you will need to point in your local environment while working through SOAP UI.
>>>> 4. A bat file which contains detailed steps which I followed to generate key stores. I used jdk1.7.0_15 to generate key stores.
>>>>
>>>> Waiting for your response. Any pointers where I am missing the trick is highly appreciated.
>>>>
>>>> Regards,
>>>> Puneet.
>>>>
>>>> On Thu, Jul 31, 2014 at 3:01 PM, Puneet Gupta <[email protected]> wrote:
>>>>
>>>>> Also I tried enabling logging information by specifying following property in Tomcat launch configuration, but haven't found any relevant information there:
>>>>>
>>>>> -Djava.util.logging.config.file=C:\Users\p.gupta\Desktop\logging.properties
>>>>> -Dorg.apache.cxf.Logger=org.apache.cxf.common.logging.Slf4jLogger
>>>>>
>>>>> I have set logging level to Finest in logging.properties.
>>>>>
>>>>> Thanks, Puneet.
>>>>>
>>>>> On Thu, Jul 31, 2014 at 2:58 PM, Puneet Gupta <[email protected]> wrote:
>>>>>
>>>>>> Hi Colm,
>>>>>>
>>>>>> Can you please help me understand what exactly you want in sample test case. Should I send you a sample project with all current configuration and a sample client in which I am facing this issue? Would that be sufficient?
>>>>>>
>>>>>> Please note that I am using SOAP UI as testing tool for my service. I am getting "BSP" error on client that is created in SOAP UI. I haven't tried creating a CXF client yet.
>>>>>>
>>>>>> Thanks for your patience.
>>>>>>
>>>>>> Puneet.
>>>>>>
>>>>>> On Tue, Jul 22, 2014 at 2:57 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Your approach of adding the security properties as "jaxws:properties" for the Endpoint is correct. If you are still seeing the error at "org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature" then I recommend turning logging up to "DEBUG" setting + having a look. This will tell you exactly where/why signature validation is failing. The likelihood is that the signing certificate is not trusted by the service endpoint. If you are still really stuck, then if you create a test-case to reproduce the problem I will take a look.
>>>>>>>
>>>>>>> With regards to the "BSP" error, could you paste the content of the EncryptedKey structure in the security header into a mail? Is the client a CXF client or a third party product? This type of error occurs when no "ValueType" attribute is present (or the wrong one is used), which is required by the Basic Security Profile specification.
>>>>>>>
>>>>>>> Colm.
>>>>>>>
>>>>>>> On Mon, Jul 21, 2014 at 1:33 PM, Puneet Gupta <[email protected]> wrote:
>>>>>>>
>>>>>>> > Hi Colm,
>>>>>>> >
>>>>>>> > Thanks for investing time in this. My problem is I need to define security at server end. I do have ws-policy.xml but that file does not have set of properties that can define WSS4J configuration. Can you please help me identify how I can define WSS4J related properties on server side.
>>>>>>> > Following your suggestions I have tried putting mentioned properties in cxf-servlet.xml in below mentioned way (keeping ws-policy.xml same as before):
>>>>>>> >
>>>>>>> > <jaxws:endpoint address="/WSService">
>>>>>>> >   <jaxws:implementor>
>>>>>>> >     <bean id="WSService" class="com.test.webservice.WSService" />
>>>>>>> >   </jaxws:implementor>
>>>>>>> >   <jaxws:inInterceptors>
>>>>>>> >     <bean class="com.test.webservice.AuthHandler"/>
>>>>>>> >   </jaxws:inInterceptors>
>>>>>>> >   <jaxws:outInterceptors>
>>>>>>> >     <bean class="com.test.webservice.LogHandler"/>
>>>>>>> >   </jaxws:outInterceptors>
>>>>>>> >   <jaxws:properties>
>>>>>>> >     <entry key="ws-security.callback-handler" value="com.test.webservice.PWCBHandler" />
>>>>>>> >     <entry key="ws-security.encryption.properties" value="service.properties" />
>>>>>>> >     <entry key="ws-security.encryption.username" value="service" />
>>>>>>> >     <entry key="ws-security.signature.properties" value="service.properties" />
>>>>>>> >     <entry key="ws-security.signature.username" value="service" />
>>>>>>> >     *<entry key="ws-security.is-bsp-compliant" value="false" />*
>>>>>>> >   </jaxws:properties>
>>>>>>> > </jaxws:endpoint>
>>>>>>> >
>>>>>>> > But doing these changes still I am facing the same problem. Also if I am not putting highlighted property in cxf-servlet.xml then I am facing below mentioned issue
>>>>>>> >
>>>>>>> > Caused by: org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
>>>>>>> >     at org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)
>>>>>>> >     at org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)
>>>>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)
>>>>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)
>>>>>>> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
>>>>>>> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>>>> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>>>> >
>>>>>>> > Just want to confirm why we need to put this property in cxf-servlet.xml. Is this the best approach or there is something I am missing.
>>>>>>> >
>>>>>>> > Thanks again for your time. Looking forward for your response.
>>>>>>> >
>>>>>>> > Thanks, Puneet,
>>>>>>> >
>>>>>>> > On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh <[email protected]> wrote:
>>>>>>> >
>>>>>>> >> Hi,
>>>>>>> >>
>>>>>>> >> You are mixing up the two different ways of configuring WS-Security in CXF. The "action" based approach involves defining WSS4JOutInterceptor + WSS4JInInterceptors + explicitly adding them to the interceptor chain. However, when you have a security policy, you don't need to do any of this as CXF will take care of configuring WSS4J for you. In this case, you just need to define some JAX-WS properties (keystores etc.). For example, see the following test configuration:
>>>>>>> >>
>>>>>>> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes
>>>>>>> >>
>>>>>>> >> e.g.
>>>>>>> >>
>>>>>>> >> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort"
>>>>>>> >>     createdFromAPI="true">
>>>>>>> >>   <jaxws:properties>
>>>>>>> >>     <entry key="ws-security.callback-handler"
>>>>>>> >>         value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
>>>>>>> >>     <entry key="ws-security.encryption.properties" value="bob.properties"/>
>>>>>>> >>     <entry key="ws-security.encryption.username" value="bob"/>
>>>>>>> >>     <entry key="ws-security.signature.properties" value="alice.properties"/>
>>>>>>> >>     <entry key="ws-security.signature.username" value="alice"/>
>>>>>>> >>   </jaxws:properties>
>>>>>>> >> </jaxws:client>
>>>>>>> >>
>>>>>>> >> Colm.
>>>>>>> >>
>>>>>>> >> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta <[email protected]> wrote:
>>>>>>> >>
>>>>>>> >> > Hi All,
>>>>>>> >> >
>>>>>>> >> > I am migrating from Axis2 Web Services to Apache CXF. In axis2, I had configured security using Rampart and I have configured it using following policy settings:
>>>>>>> >> >
>>>>>>> >> > <wsp:Policy wsu:Id="SigEncr"
>>>>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>>>> >> >   <wsp:ExactlyOne>
>>>>>>> >> >     <wsp:All>
>>>>>>> >> >       <sp:AsymmetricBinding
>>>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >         <wsp:Policy>
>>>>>>> >> >           <sp:InitiatorToken>
>>>>>>> >> >             <wsp:Policy>
>>>>>>> >> >               <sp:X509Token
>>>>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>>>> >> >                 <wsp:Policy>
>>>>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>>>>> >> >                   <sp:WssX509V3Token10 />
>>>>>>> >> >                 </wsp:Policy>
>>>>>>> >> >               </sp:X509Token>
>>>>>>> >> >             </wsp:Policy>
>>>>>>> >> >           </sp:InitiatorToken>
>>>>>>> >> >           <sp:RecipientToken>
>>>>>>> >> >             <wsp:Policy>
>>>>>>> >> >               <sp:X509Token
>>>>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>>>>> >> >                 <wsp:Policy>
>>>>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>>>>> >> >                   <sp:WssX509V3Token10 />
>>>>>>> >> >                 </wsp:Policy>
>>>>>>> >> >               </sp:X509Token>
>>>>>>> >> >             </wsp:Policy>
>>>>>>> >> >           </sp:RecipientToken>
>>>>>>> >> >           <sp:AlgorithmSuite>
>>>>>>> >> >             <wsp:Policy>
>>>>>>> >> >               <sp:TripleDesRsa15 />
>>>>>>> >> >             </wsp:Policy>
>>>>>>> >> >           </sp:AlgorithmSuite>
>>>>>>> >> >           <sp:Layout>
>>>>>>> >> >             <wsp:Policy>
>>>>>>> >> >               <sp:Strict />
>>>>>>> >> >             </wsp:Policy>
>>>>>>> >> >           </sp:Layout>
>>>>>>> >> >           <sp:IncludeTimestamp />
>>>>>>> >> >           <sp:OnlySignEntireHeadersAndBody />
>>>>>>> >> >         </wsp:Policy>
>>>>>>> >> >       </sp:AsymmetricBinding>
>>>>>>> >> >       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >         <wsp:Policy>
>>>>>>> >> >           <sp:MustSupportRefKeyIdentifier />
>>>>>>> >> >           <sp:MustSupportRefIssuerSerial />
>>>>>>> >> >         </wsp:Policy>
>>>>>>> >> >       </sp:Wss10>
>>>>>>> >> >       <sp:SignedParts
>>>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >         <sp:Body />
>>>>>>> >> >       </sp:SignedParts>
>>>>>>> >> >       <sp:EncryptedParts
>>>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >         <sp:Body />
>>>>>>> >> >       </sp:EncryptedParts>
>>>>>>> >> >
>>>>>>> >> >       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>>>>> >> >         <ramp:user>service</ramp:user>
>>>>>>> >> >         <ramp:encryptionUser>client</ramp:encryptionUser>
>>>>>>> >> >         <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>
>>>>>>> >> >
>>>>>>> >> >         <ramp:signatureCrypto>
>>>>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>>>>> >> >           </ramp:crypto>
>>>>>>> >> >         </ramp:signatureCrypto>
>>>>>>> >> >         <ramp:encryptionCypto>
>>>>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>>>>> >> >           </ramp:crypto>
>>>>>>> >> >         </ramp:encryptionCypto>
>>>>>>> >> >       </ramp:RampartConfig>
>>>>>>> >> >     </wsp:All>
>>>>>>> >> >   </wsp:ExactlyOne>
>>>>>>> >> > </wsp:Policy>
>>>>>>> >> >
>>>>>>> >> > In Apache CXF, I am trying to configure the security following below steps:
>>>>>>> >> >
>>>>>>> >> > 1. I have created a ws-policy.xml file and placed it under the WEB-INF/classes folder. I am providing this policy file to service class using @Policies annotation. Ex:
>>>>>>> >> >
>>>>>>> >> > @Policy(uri = "ws-policy.xml")
>>>>>>> >> > @WebService(targetNamespace = "http://webservice.test.com", name = "WSServicePortType")
>>>>>>> >> > public class WSService {
>>>>>>> >> >     //Service method goes here.
>>>>>>> >> > }
>>>>>>> >> >
>>>>>>> >> > Contents of ws-policy.xml are as follows:
>>>>>>> >> >
>>>>>>> >> > <wsp:Policy
>>>>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>>>> >> >
>>>>>>> >> >   <sp:AsymmetricBinding
>>>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >     <wsp:Policy>
>>>>>>> >> >       <sp:InitiatorToken>
>>>>>>> >> >         <wsp:Policy>
>>>>>>> >> >           <sp:X509Token
>>>>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>>>> >> >             <wsp:Policy>
>>>>>>> >> >               <sp:RequireIssuerSerialReference />
>>>>>>> >> >             </wsp:Policy>
>>>>>>> >> >           </sp:X509Token>
>>>>>>> >> >         </wsp:Policy>
>>>>>>> >> >       </sp:InitiatorToken>
>>>>>>> >> >       <sp:RecipientToken>
>>>>>>> >> >         <wsp:Policy>
>>>>>>> >> >           <sp:X509Token
>>>>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>>>> >> >             <wsp:Policy>
>>>>>>> >> >               <sp:RequireIssuerSerialReference />
>>>>>>> >> >             </wsp:Policy>
>>>>>>> >> >           </sp:X509Token>
>>>>>>> >> >         </wsp:Policy>
>>>>>>> >> >       </sp:RecipientToken>
>>>>>>> >> >       <sp:AlgorithmSuite>
>>>>>>> >> >         <wsp:Policy>
>>>>>>> >> >           <sp:TripleDesRsa15 />
>>>>>>> >> >         </wsp:Policy>
>>>>>>> >> >       </sp:AlgorithmSuite>
>>>>>>> >> >       <sp:Layout>
>>>>>>> >> >         <wsp:Policy>
>>>>>>> >> >           <sp:Strict />
>>>>>>> >> >         </wsp:Policy>
>>>>>>> >> >       </sp:Layout>
>>>>>>> >> >     </wsp:Policy>
>>>>>>> >> >   </sp:AsymmetricBinding>
>>>>>>> >> >
>>>>>>> >> >   <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >     <wsp:Policy>
>>>>>>> >> >       <sp:MustSupportRefKeyIdentifier />
>>>>>>> >> >       <sp:MustSupportRefIssuerSerial />
>>>>>>> >> >     </wsp:Policy>
>>>>>>> >> >   </sp:Wss10>
>>>>>>> >> >   <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >     <sp:Body />
>>>>>>> >> >   </sp:SignedParts>
>>>>>>> >> >   <sp:EncryptedParts
>>>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>> >> >     <sp:Body />
>>>>>>> >> >   </sp:EncryptedParts>
>>>>>>> >> > </wsp:Policy>
>>>>>>> >> >
>>>>>>> >> > 2. To configure WSS4J, I am using following snippet in cxf-servlet.xml:
>>>>>>> >> >
>>>>>>> >> > <jaxws:endpoint address="/WSService">
>>>>>>> >> >   <jaxws:implementor>
>>>>>>> >> >     <bean id="WSService" class="com.test.webservice.WSService" />
>>>>>>> >> >   </jaxws:implementor>
>>>>>>> >> >   <jaxws:inInterceptors>
>>>>>>> >> >     <ref bean="wss4jInConfiguration" />
>>>>>>> >> >     <bean class="com.test.webservice.AuthHandler">
>>>>>>> >> >     </bean>
>>>>>>> >> >   </jaxws:inInterceptors>
>>>>>>> >> >   <jaxws:outInterceptors>
>>>>>>> >> >     <ref bean="wss4jOutConfiguration" />
>>>>>>> >> >     <bean class="com.test.webservice.LogHandler">
>>>>>>> >> >     </bean>
>>>>>>> >> >   </jaxws:outInterceptors>
>>>>>>> >> >   <jaxws:properties>
>>>>>>> >> >     <entry key="ws-security.is-bsp-compliant" value="false" />
>>>>>>> >> >   </jaxws:properties>
>>>>>>> >> > </jaxws:endpoint>
>>>>>>> >> >
>>>>>>> >> > <bean id="wss4jInConfiguration"
>>>>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>>>>> >> >   <constructor-arg>
>>>>>>> >> >     <map>
>>>>>>> >> >       <entry key="action" value="Signature Encrypt Timestamp" />
>>>>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>>>>> >> >       <entry key="passwordCallbackClass" value="com.test.webservice.PWCBHandler" />
>>>>>>> >> >     </map>
>>>>>>> >> >   </constructor-arg>
>>>>>>> >> > </bean>
>>>>>>> >> >
>>>>>>> >> > <bean id="wss4jOutConfiguration"
>>>>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>>>>> >> >   <constructor-arg>
>>>>>>> >> >     <map>
>>>>>>> >> >       <entry key="action" value="Timestamp Signature Encrypt" />
>>>>>>> >> >       <entry key="passwordCallbackClass" value="com.test.webservice.PWCBHandler" />
>>>>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>>>>> >> >     </map>
>>>>>>> >> >   </constructor-arg>
>>>>>>> >> > </bean>
>>>>>>> >> >
>>>>>>> >> > service.properties is also present in WEB-INF/classes folder. Its contents are as below:
>>>>>>> >> >
>>>>>>> >> > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>>>>>> >> > org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>>>>> >> > org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>> >> > org.apache.ws.security.crypto.merlin.file=service.jks
>>>>>>> >> >
>>>>>>> >> > Using above configuration I am getting below mentioned exception when I am trying to access web service through client which is configured using same security setting which I used while I was in axis2:
>>>>>>> >> >
>>>>>>> >> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor ] - org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>>>>> >> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>>>>> >> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>>>> >> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>>>> >> >     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>>>>> >> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>>>> >> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>>>> >> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>>>> >> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>>>> >> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>>>> >> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>>>> >> >     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>>>> >> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>>>> >> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>>>> >> >     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>>>> >> >     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>>>> >> >     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>>>>> >> >     at java.lang.Thread.run(Unknown Source)
>>>>>>> >> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain ] - Interceptor for {http://webservice.test.com}WSAmandaSecurityServiceService#{http://webservice.test.com}authenticateUser has thrown exception, unwinding now
>>>>>>> >> > org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
>>>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850)
>>>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
>>>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>>>>> >> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>>>> >> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>>>> >> >     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>>>>> >> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>>>>> >> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>>>> >> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>>>> >> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>>>> >> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>>>> >> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>>>> >> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>>>> >> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>>>> >> >     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>>>> >> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>>>> >> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>>>> >> >     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>>>> >> >     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>>>> >> >     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>>>>> >> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>>>>> >> >     at java.lang.Thread.run(Unknown Source)
>>>>>>> >> > Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>>>>> >> >     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>>>>> >> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>>>> >> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>>>> >> >     ... 28 test
>>>>>>> >> >
>>>>>>> >> > Can anyone help me identify if I am missing anything while configuring WSS4J in apache cxf, so that I can use same client to access cxf web service?
>>>>>>> >> >
>>>>>>> >> > Thanks for your time and help.
>>>>>>> >> >
>>>>>>> >> > Regards, Puneet.
>>>>>>> >>
>>>>>>> >> --
>>>>>>> >> Colm O hEigeartaigh
>>>>>>> >>
>>>>>>> >> Talend Community Coder
>>>>>>> >> http://coders.talend.com
>>>>>>>
>>>>>>> --
>>>>>>> Colm O hEigeartaigh
>>>>>>>
>>>>>>> Talend Community Coder
>>>>>>> http://coders.talend.com
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
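
Added example, not part of the thread and not CXF or Rampart code: the first message of the thread quotes two policies, the Rampart one used under Axis2 and the ws-policy.xml written for CXF. The Python script below flattens each policy to its set of sp: assertion paths and lists what differs. The two embedded documents are abbreviated copies of the AsymmetricBinding sections quoted in that message (the Wss10, SignedParts and EncryptedParts sections are left out), and the names policy_assertions and diff_policies are chosen here.

```python
"""Diff two WS-SecurityPolicy documents by the assertions they contain."""
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
# wsp:Policy / wsp:ExactlyOne / wsp:All only group assertions. Flattening them
# is an assumption that holds here: both policies have a single alternative.
OPERATORS = {"{%s}%s" % (WSP, name) for name in ("Policy", "ExactlyOne", "All")}
NS = 'xmlns:wsp="%s" xmlns:sp="%s"' % (WSP, SP)
INC = SP + "/IncludeToken/"


def policy_assertions(policy_xml):
    """Return the set of sp: assertion paths found in a policy document."""
    found = set()

    def walk(elem, prefix):
        for child in elem:
            if child.tag in OPERATORS:
                walk(child, prefix)
            elif child.tag.startswith("{%s}" % SP):
                path = prefix + [child.tag.split("}", 1)[1]]
                found.add("/".join(path))
                include = child.get("{%s}IncludeToken" % SP)
                if include:
                    # Keep only the last URI segment (Never, AlwaysToRecipient).
                    value = include.rsplit("/", 1)[1]
                    found.add("/".join(path) + "/@IncludeToken=" + value)
                walk(child, path)
            # Other namespaces (e.g. ramp:RampartConfig) hold stack-specific
            # configuration rather than policy assertions, so they are skipped.

    walk(ET.fromstring(policy_xml), [])
    return found


def diff_policies(old_xml, new_xml):
    """Return (assertions only in old, assertions only in new), sorted."""
    old, new = policy_assertions(old_xml), policy_assertions(new_xml)
    return sorted(old - new), sorted(new - old)


# Abbreviated copy of the Rampart policy quoted in the thread.
RAMPART_POLICY = """\
<wsp:Policy {ns}><wsp:ExactlyOne><wsp:All>
 <sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{inc}AlwaysToRecipient"><wsp:Policy>
    <sp:RequireKeyIdentifierReference/><sp:WssX509V3Token10/>
   </wsp:Policy></sp:X509Token>
  </wsp:Policy></sp:InitiatorToken>
  <sp:RecipientToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{inc}Never"><wsp:Policy>
    <sp:RequireKeyIdentifierReference/><sp:WssX509V3Token10/>
   </wsp:Policy></sp:X509Token>
  </wsp:Policy></sp:RecipientToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:TripleDesRsa15/></wsp:Policy></sp:AlgorithmSuite>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
  <sp:IncludeTimestamp/>
  <sp:OnlySignEntireHeadersAndBody/>
 </wsp:Policy></sp:AsymmetricBinding>
</wsp:All></wsp:ExactlyOne></wsp:Policy>""".format(ns=NS, inc=INC)

# Abbreviated copy of the ws-policy.xml quoted in the thread.
CXF_POLICY = """\
<wsp:Policy {ns}>
 <sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{inc}AlwaysToRecipient"><wsp:Policy>
    <sp:RequireIssuerSerialReference/>
   </wsp:Policy></sp:X509Token>
  </wsp:Policy></sp:InitiatorToken>
  <sp:RecipientToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{inc}AlwaysToRecipient"><wsp:Policy>
    <sp:RequireIssuerSerialReference/>
   </wsp:Policy></sp:X509Token>
  </wsp:Policy></sp:RecipientToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:TripleDesRsa15/></wsp:Policy></sp:AlgorithmSuite>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
 </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>""".format(ns=NS, inc=INC)

if __name__ == "__main__":
    only_rampart, only_cxf = diff_policies(RAMPART_POLICY, CXF_POLICY)
    for path in only_rampart:
        print("- only in Rampart policy:", path)
    for path in only_cxf:
        print("+ only in CXF policy:    ", path)
```

The paths it lists are the points where the policy attached to the CXF service asserts something other than the policy the client was set up against under Axis2.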
