Hi Colm,
Thanks for your valuable suggestions. I have upgraded my project to 2.7.12
and I am no longer getting the exception that I was getting earlier.
Following your suggestions, I have also included <sp:IncludeTimestamp /> and
<sp:MustSupportRefIssuerSerial /> in my policy file. I am still getting the
exception below:
*These policy alternatives can not be satisfied:*
*{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements*
*{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement*
*{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken*
*{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken*
*{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements*
Please find attached the updated *ws-policy.xml*. My main motto is that my old
clients are spared from making changes at their end to configure security. I
want them to upgrade to my service without making any changes to the currently
running clients.
My confusion is that we have this same policy file and it was working with
Axis2 WS. Please help me figure this thing out.
I have also tried to write a new *ws-policy-new.xml* following this
link: http://www.w3.org/TR/ws-policy-attach/. That file is attached here
as well, but I got the following exception when working with it:
*Unexpected wrapper element {http://www.w3.org/2001/04/xmlenc#}EncryptedData found. Expected {http://webservice.test.com}echo.*
I am not able to understand how to proceed. Please share some thoughts over
it.
Thanks, Puneet.
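
Added example (not part of the original mail and not CXF code): a Python check that reads a captured SOAP request and reports the properties the failed assertions above depend on, namely whether the Timestamp is covered by the signature, how the signing certificate is referenced, and whether a BinarySecurityToken is included. The sample request, the `REQUIRED` expectations and all function names are constructed for illustration; the expectations are one reading of the `sp:IncludeTimestamp`, `sp:RequireIssuerSerialReference` and `IncludeToken/AlwaysToRecipient` assertions in the thread's policy.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample request: the Timestamp is present but only the Body is
# signed, the certificate is referenced by KeyIdentifier, and no
# BinarySecurityToken is sent. Signature values are omitted on purpose.
SAMPLE_REQUEST = """
<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s"
               xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">
  <soap:Header>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="TS-1">
        <wsu:Created>2014-08-22T10:00:00Z</wsu:Created>
        <wsu:Expires>2014-08-22T10:05:00Z</wsu:Expires>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#Body-1"/>
        </ds:SignedInfo>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">AAAA</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Body-1"><placeholder/></soap:Body>
</soap:Envelope>
""" % NS

# Assumed expectations, read off the policy assertions quoted in the thread.
REQUIRED = {
    "timestamp_signed": True,        # sp:IncludeTimestamp
    "key_reference": "IssuerSerial",  # sp:RequireIssuerSerialReference
    "token_included": True,          # IncludeToken/AlwaysToRecipient
}


def inspect_request(xml_text):
    """Report what a signed request contains, independent of any policy."""
    # Messages from untrusted peers should be parsed with a hardened parser
    # (for example the defusedxml package) instead of plain ElementTree.
    root = ET.fromstring(xml_text.strip())
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("message has no wsse:Security header")

    # Fragment ids covered by the ds:Reference elements of the signature(s).
    signed_ids = set()
    for ref in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            signed_ids.add(uri[1:])

    def is_signed(elem):
        return elem is not None and elem.get(WSU_ID) in signed_ids

    timestamp = sec.find("wsu:Timestamp", NS)
    body = root.find("soap:Body", NS)

    # How the signature points at the signing certificate.
    key_reference, value_type = None, None
    str_elem = sec.find(
        "ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference", NS)
    if str_elem is not None:
        key_id = str_elem.find("wsse:KeyIdentifier", NS)
        direct = str_elem.find("wsse:Reference", NS)
        if str_elem.find("ds:X509Data/ds:X509IssuerSerial", NS) is not None:
            key_reference = "IssuerSerial"
        elif key_id is not None:
            key_reference, value_type = "KeyIdentifier", key_id.get("ValueType")
        elif direct is not None:
            key_reference, value_type = "DirectReference", direct.get("ValueType")

    return {
        "timestamp_present": timestamp is not None,
        "timestamp_signed": is_signed(timestamp),
        "body_signed": is_signed(body),
        "key_reference": key_reference,
        "key_value_type": value_type,
        "token_included": sec.find("wsse:BinarySecurityToken", NS) is not None,
    }


def policy_mismatches(report, required):
    """Names of the required properties the request does not meet."""
    return sorted(k for k, want in required.items() if report.get(k) != want)


if __name__ == "__main__":
    report = inspect_request(SAMPLE_REQUEST)
    for name, value in report.items():
        print("%-18s %s" % (name, value))
    print("mismatches:", policy_mismatches(report, REQUIRED))
```

Running it against a request captured from the existing client shows which side has to change before the policy and the message agree.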
On Fri, Aug 22, 2014 at 7:50 PM, Colm O hEigeartaigh <[email protected]>
wrote:
> Hi,
>
> The problem is a bug in CXF 2.7.11 that you are running into:
>
> https://issues.apache.org/jira/browse/CXF-5679
>
> Upgrade to CXF 2.7.12 for the fix. BTW your test-case is still not valid
> after this, as the request does not quite match the policy on the service
> side, e.g. the Timestamp is not signed, IssuerSerial is not used, etc.
>
> Colm.
>
>
> On Thu, Aug 21, 2014 at 7:35 AM, Puneet Gupta <[email protected]
> > wrote:
>
>> Hi Colm,
>>
>> I know you were on vacation last week, but if you can find some time to
>> look into it, will be highly appreciated.
>>
>> Regards, Puneet.
>>
>>
>> On Fri, Aug 8, 2014 at 10:46 AM, Puneet Gupta <
>> [email protected]> wrote:
>>
>>> I am also attaching modified project. Please use it if required.
>>>
>>> Thanks.
>>>
>>>
>>> On Fri, Aug 8, 2014 at 10:45 AM, Puneet Gupta <
>>> [email protected]> wrote:
>>>
>>>> Hi Colm,
>>>>
>>>> Following your suggestion I have removed WSS4J+XML Sec from pom.xml.
>>>> Now the dependencies included by cxf-rt-ws-security are wss4j-1.6.15
>>>> and xmlsec-1.5.6 respectively. But I am getting the same exception I was
>>>> getting earlier:
>>>>
>>>> *Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid*
>>>> * at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)*
>>>> * at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)*
>>>> * at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)*
>>>> * at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)*
>>>> * ... 29 more*
>>>>
>>>> Sorry to keep bothering you. Please guide me further.
>>>>
>>>> Regards, Puneet.
>>>>
>>>>
>>>> On Wed, Aug 6, 2014 at 8:07 PM, Colm O hEigeartaigh <
>>>> [email protected]> wrote:
>>>>
>>>>>
>>>>> Without running the project, one immediate error I see is that you are
>>>>> including XML Security 2.0.0. This is not compatible with WSS4J 1.6.x or
>>>>> CXF 2.7.x. WSS4J + XML Security will get pulled in from the
>>>>> cxf-rt-ws-security dependency anyway, so just remove WSS4J + XML Security
>>>>> from the pom + see if this works.
>>>>>
>>>>> Colm.
>>>>>
>>>>>
>>>>> On Wed, Aug 6, 2014 at 7:40 AM, Puneet Gupta <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi Colm,
>>>>>>
>>>>>> Please find attached zip file containing:
>>>>>>
>>>>>> 1. A sample service with source code (demo-security.zip).
>>>>>> 2. A Sample SOAP UI (DemoSecurity-soapui-project.xml) project with
>>>>>> security configured in the project itself. (Generally we are using
>>>>>> SOAP UI for testing our service in development environment. Using
>>>>>> Axis2 we had same configuration in SOAP UI and there wss4j worked
>>>>>> for us.)
>>>>>> 3. Attached zip file also contains a generated client.jks file which
>>>>>> you will need to point in your local environment while working
>>>>>> through SOAP UI.
>>>>>> 4. A bat file which contains detailed steps which I followed to
>>>>>> generate key stores. I used jdk1.7.0_15 to generate key stores.
>>>>>>
>>>>>> Waiting for your response. Any pointers where I am missing the trick
>>>>>> is highly appreciated.
>>>>>>
>>>>>> Regards,
>>>>>> Puneet.
>>>>>>
>>>>>>
>>>>>> On Thu, Jul 31, 2014 at 3:01 PM, Puneet Gupta <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Also I tried enabling logging information by specifying the following
>>>>>>> properties in the Tomcat launch configuration, but haven't found any
>>>>>>> relevant information there:
>>>>>>>
>>>>>>>
>>>>>>> -Djava.util.logging.config.file=C:\Users\p.gupta\Desktop\logging.properties
>>>>>>> -Dorg.apache.cxf.Logger=org.apache.cxf.common.logging.Slf4jLogger
>>>>>>>
>>>>>>> I have set logging level to Finest in logging.properties.
>>>>>>>
>>>>>>> Thanks, Puneet.
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jul 31, 2014 at 2:58 PM, Puneet Gupta <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Colm,
>>>>>>>>
>>>>>>>> Can you please help me understand what exactly you want in sample
>>>>>>>> test case. Should I send you a sample project with all current
>>>>>>>> configuration and a sample client in which I am facing this issue?
>>>>>>>> Would that be sufficient?
>>>>>>>>
>>>>>>>> Please note that I am using SOAP UI as testing tool for my service.
>>>>>>>> I am getting "BSP" error on client that is created in SOAP UI. I
>>>>>>>> haven't tried creating a CXF client yet.
>>>>>>>>
>>>>>>>> Thanks for your patience.
>>>>>>>>
>>>>>>>> Puneet.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jul 22, 2014 at 2:57 PM, Colm O hEigeartaigh <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Your approach of adding the security properties as "jaxws:properties"
>>>>>>>>> for the Endpoint is correct. If you are still seeing the error at
>>>>>>>>> "org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature"
>>>>>>>>> then I recommend turning logging up to "DEBUG" setting + having a look.
>>>>>>>>> This will tell you exactly where/why signature validation is failing.
>>>>>>>>> The likelihood is that the signing certificate is not trusted by the
>>>>>>>>> service endpoint. If you are still really stuck, then if you create a
>>>>>>>>> test-case to reproduce the problem I will take a look.
>>>>>>>>>
>>>>>>>>> With regards to the "BSP" error, could you paste the content of the
>>>>>>>>> EncryptedKey structure in the security header into a mail? Is the
>>>>>>>>> client a CXF client or a third party product? This type of error occurs
>>>>>>>>> when no "ValueType" attribute is present (or the wrong one is used),
>>>>>>>>> which is required by the Basic Security Profile specification.
>>>>>>>>>
>>>>>>>>> Colm.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Jul 21, 2014 at 1:33 PM, Puneet Gupta <
>>>>>>>>> [email protected]>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> > Hi Colm,
>>>>>>>>> >
>>>>>>>>> > Thanks for investing time in this. My problem is I need to define
>>>>>>>>> > security at server end. I do have ws-policy.xml but that file does not
>>>>>>>>> > have set of properties that can define WSS4J configuration. Can you
>>>>>>>>> > please help me identify how I can define WSS4J related properties on
>>>>>>>>> > server side.
>>>>>>>>> > Following your suggestions I have tried putting mentioned properties in
>>>>>>>>> > cxf-servlet.xml in below mentioned way (keeping ws-policy.xml same as
>>>>>>>>> > before):
>>>>>>>>> >
>>>>>>>>> > <jaxws:endpoint address="/WSService">
>>>>>>>>> >   <jaxws:implementor>
>>>>>>>>> >     <bean id="WSService" class="com.test.webservice.WSService" />
>>>>>>>>> >   </jaxws:implementor>
>>>>>>>>> >   <jaxws:inInterceptors>
>>>>>>>>> >     <bean class="com.test.webservice.AuthHandler"/>
>>>>>>>>> >   </jaxws:inInterceptors>
>>>>>>>>> >   <jaxws:outInterceptors>
>>>>>>>>> >     <bean class="com.test.webservice.LogHandler"/>
>>>>>>>>> >   </jaxws:outInterceptors>
>>>>>>>>> >   <jaxws:properties>
>>>>>>>>> >     <entry key="ws-security.callback-handler" value="com.test.webservice.PWCBHandler" />
>>>>>>>>> >     <entry key="ws-security.encryption.properties" value="service.properties" />
>>>>>>>>> >     <entry key="ws-security.encryption.username" value="service" />
>>>>>>>>> >     <entry key="ws-security.signature.properties" value="service.properties" />
>>>>>>>>> >     <entry key="ws-security.signature.username" value="service" />
>>>>>>>>> >     *<entry key="ws-security.is-bsp-compliant" value="false" />*
>>>>>>>>> >   </jaxws:properties>
>>>>>>>>> > </jaxws:endpoint>
>>>>>>>>> >
>>>>>>>>> > But doing these changes still I am facing the same problem. Also if I am
>>>>>>>>> > not putting highlighted property in cxf-servlet.xml then I am facing
>>>>>>>>> > below mentioned issue
>>>>>>>>> >
>>>>>>>>> > *Caused by: org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")*
>>>>>>>>> > * at org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)*
>>>>>>>>> > * at org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)*
>>>>>>>>> > * at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)*
>>>>>>>>> > * at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)*
>>>>>>>>> > * at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)*
>>>>>>>>> > * at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)*
>>>>>>>>> > * at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)*
>>>>>>>>> >
>>>>>>>>> > Just want to confirm why we need to put this property in cxf-servlet.xml.
>>>>>>>>> > Is this the best approach or there is something I am missing.
>>>>>>>>> >
>>>>>>>>> > Thanks again for your time. Looking forward for your response.
>>>>>>>>> >
>>>>>>>>> > Thanks, Puneet,
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> > On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh <
>>>>>>>>> [email protected]>
>>>>>>>>> > wrote:
>>>>>>>>> >
>>>>>>>>> >> Hi,
>>>>>>>>> >>
>>>>>>>>> >> You are mixing up the two different ways of configuring WS-Security in
>>>>>>>>> >> CXF. The "action" based approach involves defining WSS4JOutInterceptor +
>>>>>>>>> >> WSS4JInInterceptors + explicitly adding them to the interceptor chain.
>>>>>>>>> >> However, when you have a security policy, you don't need to do any of
>>>>>>>>> >> this as CXF will take care of configuring WSS4J for you. In this case,
>>>>>>>>> >> you just need to define some JAX-WS properties (keystores etc.). For
>>>>>>>>> >> example, see the following test configuration:
>>>>>>>>> >>
>>>>>>>>> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes
>>>>>>>>> >>
>>>>>>>>> >> e.g.
>>>>>>>>> >>
>>>>>>>>> >> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort"
>>>>>>>>> >>     createdFromAPI="true">
>>>>>>>>> >>   <jaxws:properties>
>>>>>>>>> >>     <entry key="ws-security.callback-handler"
>>>>>>>>> >>         value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
>>>>>>>>> >>     <entry key="ws-security.encryption.properties" value="bob.properties"/>
>>>>>>>>> >>     <entry key="ws-security.encryption.username" value="bob"/>
>>>>>>>>> >>     <entry key="ws-security.signature.properties" value="alice.properties"/>
>>>>>>>>> >>     <entry key="ws-security.signature.username" value="alice"/>
>>>>>>>>> >>   </jaxws:properties>
>>>>>>>>> >> </jaxws:client>
>>>>>>>>> >>
>>>>>>>>> >> Colm.
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta <
>>>>>>>>> >> [email protected]>
>>>>>>>>> >> wrote:
>>>>>>>>> >>
>>>>>>>>> >> > Hi All,
>>>>>>>>> >> >
>>>>>>>>> >> > I am migrating from Axis2 Web Services to Apache CXF. In axis2, I had
>>>>>>>>> >> > configured security using Rampart and I have configured it using
>>>>>>>>> >> > following policy settings:
>>>>>>>>> >> >
>>>>>>>>> >> > <wsp:Policy wsu:Id="SigEncr"
>>>>>>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>>>>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>>>>>> >> >   <wsp:ExactlyOne>
>>>>>>>>> >> >     <wsp:All>
>>>>>>>>> >> >       <sp:AsymmetricBinding
>>>>>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >         <wsp:Policy>
>>>>>>>>> >> >           <sp:InitiatorToken>
>>>>>>>>> >> >             <wsp:Policy>
>>>>>>>>> >> >               <sp:X509Token
>>>>>>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>>>>>> >> >                 <wsp:Policy>
>>>>>>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>>>>>>> >> >                   <sp:WssX509V3Token10 />
>>>>>>>>> >> >                 </wsp:Policy>
>>>>>>>>> >> >               </sp:X509Token>
>>>>>>>>> >> >             </wsp:Policy>
>>>>>>>>> >> >           </sp:InitiatorToken>
>>>>>>>>> >> >           <sp:RecipientToken>
>>>>>>>>> >> >             <wsp:Policy>
>>>>>>>>> >> >               <sp:X509Token
>>>>>>>>> >> >                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>>>>>>> >> >                 <wsp:Policy>
>>>>>>>>> >> >                   <sp:RequireKeyIdentifierReference />
>>>>>>>>> >> >                   <sp:WssX509V3Token10 />
>>>>>>>>> >> >                 </wsp:Policy>
>>>>>>>>> >> >               </sp:X509Token>
>>>>>>>>> >> >             </wsp:Policy>
>>>>>>>>> >> >           </sp:RecipientToken>
>>>>>>>>> >> >           <sp:AlgorithmSuite>
>>>>>>>>> >> >             <wsp:Policy>
>>>>>>>>> >> >               <sp:TripleDesRsa15 />
>>>>>>>>> >> >             </wsp:Policy>
>>>>>>>>> >> >           </sp:AlgorithmSuite>
>>>>>>>>> >> >           <sp:Layout>
>>>>>>>>> >> >             <wsp:Policy>
>>>>>>>>> >> >               <sp:Strict />
>>>>>>>>> >> >             </wsp:Policy>
>>>>>>>>> >> >           </sp:Layout>
>>>>>>>>> >> >           <sp:IncludeTimestamp />
>>>>>>>>> >> >           <sp:OnlySignEntireHeadersAndBody />
>>>>>>>>> >> >         </wsp:Policy>
>>>>>>>>> >> >       </sp:AsymmetricBinding>
>>>>>>>>> >> >       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >         <wsp:Policy>
>>>>>>>>> >> >           <sp:MustSupportRefKeyIdentifier />
>>>>>>>>> >> >           <sp:MustSupportRefIssuerSerial />
>>>>>>>>> >> >         </wsp:Policy>
>>>>>>>>> >> >       </sp:Wss10>
>>>>>>>>> >> >       <sp:SignedParts
>>>>>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >         <sp:Body />
>>>>>>>>> >> >       </sp:SignedParts>
>>>>>>>>> >> >       <sp:EncryptedParts
>>>>>>>>> >> >           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >         <sp:Body />
>>>>>>>>> >> >       </sp:EncryptedParts>
>>>>>>>>> >> >
>>>>>>>>> >> >       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>>>>>>> >> >         <ramp:user>service</ramp:user>
>>>>>>>>> >> >         <ramp:encryptionUser>client</ramp:encryptionUser>
>>>>>>>>> >> >         <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>
>>>>>>>>> >> >
>>>>>>>>> >> >         <ramp:signatureCrypto>
>>>>>>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>>>>>>> >> >           </ramp:crypto>
>>>>>>>>> >> >         </ramp:signatureCrypto>
>>>>>>>>> >> >         <ramp:encryptionCypto>
>>>>>>>>> >> >           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>>>>>> >> >             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
>>>>>>>>> >> >           </ramp:crypto>
>>>>>>>>> >> >         </ramp:encryptionCypto>
>>>>>>>>> >> >       </ramp:RampartConfig>
>>>>>>>>> >> >     </wsp:All>
>>>>>>>>> >> >   </wsp:ExactlyOne>
>>>>>>>>> >> > </wsp:Policy>
>>>>>>>>> >> >
>>>>>>>>> >> > In Apache CXF, I am trying to configure the security following the
>>>>>>>>> >> > steps below:
>>>>>>>>> >> >
>>>>>>>>> >> > 1. I have created a ws-policy.xml file and placed it under the
>>>>>>>>> >> > WEB-INF/classes folder. I am providing this policy file to the service
>>>>>>>>> >> > class using @Policies annotation. Ex:
>>>>>>>>> >> >
>>>>>>>>> >> > @Policy(uri = "ws-policy.xml")
>>>>>>>>> >> > @WebService(targetNamespace = "http://webservice.test.com", name = "WSServicePortType")
>>>>>>>>> >> > public class WSService {
>>>>>>>>> >> >     // Service method goes here.
>>>>>>>>> >> > }
>>>>>>>>> >> >
>>>>>>>>> >> > Contents of ws-policy.xml are as follows:
>>>>>>>>> >> >
>>>>>>>>> >> > <wsp:Policy
>>>>>>>>> >> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>>>>>>> >> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>>>>>> >> >
>>>>>>>>> >> >   <sp:AsymmetricBinding
>>>>>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >     <wsp:Policy>
>>>>>>>>> >> >       <sp:InitiatorToken>
>>>>>>>>> >> >         <wsp:Policy>
>>>>>>>>> >> >           <sp:X509Token
>>>>>>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>>>>>> >> >             <wsp:Policy>
>>>>>>>>> >> >               <sp:RequireIssuerSerialReference />
>>>>>>>>> >> >             </wsp:Policy>
>>>>>>>>> >> >           </sp:X509Token>
>>>>>>>>> >> >         </wsp:Policy>
>>>>>>>>> >> >       </sp:InitiatorToken>
>>>>>>>>> >> >       <sp:RecipientToken>
>>>>>>>>> >> >         <wsp:Policy>
>>>>>>>>> >> >           <sp:X509Token
>>>>>>>>> >> >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>>>>>> >> >             <wsp:Policy>
>>>>>>>>> >> >               <sp:RequireIssuerSerialReference />
>>>>>>>>> >> >             </wsp:Policy>
>>>>>>>>> >> >           </sp:X509Token>
>>>>>>>>> >> >         </wsp:Policy>
>>>>>>>>> >> >       </sp:RecipientToken>
>>>>>>>>> >> >       <sp:AlgorithmSuite>
>>>>>>>>> >> >         <wsp:Policy>
>>>>>>>>> >> >           <sp:TripleDesRsa15 />
>>>>>>>>> >> >         </wsp:Policy>
>>>>>>>>> >> >       </sp:AlgorithmSuite>
>>>>>>>>> >> >       <sp:Layout>
>>>>>>>>> >> >         <wsp:Policy>
>>>>>>>>> >> >           <sp:Strict />
>>>>>>>>> >> >         </wsp:Policy>
>>>>>>>>> >> >       </sp:Layout>
>>>>>>>>> >> >     </wsp:Policy>
>>>>>>>>> >> >   </sp:AsymmetricBinding>
>>>>>>>>> >> >
>>>>>>>>> >> >   <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >     <wsp:Policy>
>>>>>>>>> >> >       <sp:MustSupportRefKeyIdentifier />
>>>>>>>>> >> >       <sp:MustSupportRefIssuerSerial />
>>>>>>>>> >> >     </wsp:Policy>
>>>>>>>>> >> >   </sp:Wss10>
>>>>>>>>> >> >   <sp:SignedParts
>>>>>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >     <sp:Body />
>>>>>>>>> >> >   </sp:SignedParts>
>>>>>>>>> >> >   <sp:EncryptedParts
>>>>>>>>> >> >       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>>>>>>> >> >     <sp:Body />
>>>>>>>>> >> >   </sp:EncryptedParts>
>>>>>>>>> >> > </wsp:Policy>
>>>>>>>>> >> >
>>>>>>>>> >> > 2. To configure WSS4J, I am using the following snippet in
>>>>>>>>> >> > cxf-servlet.xml:
>>>>>>>>> >> >
>>>>>>>>> >> > <jaxws:endpoint address="/WSService">
>>>>>>>>> >> >   <jaxws:implementor>
>>>>>>>>> >> >     <bean id="WSService" class="com.test.webservice.WSService" />
>>>>>>>>> >> >   </jaxws:implementor>
>>>>>>>>> >> >   <jaxws:inInterceptors>
>>>>>>>>> >> >     <ref bean="wss4jInConfiguration" />
>>>>>>>>> >> >     <bean class="com.test.webservice.AuthHandler">
>>>>>>>>> >> >     </bean>
>>>>>>>>> >> >   </jaxws:inInterceptors>
>>>>>>>>> >> >   <jaxws:outInterceptors>
>>>>>>>>> >> >     <ref bean="wss4jOutConfiguration" />
>>>>>>>>> >> >     <bean class="com.test.webservice.LogHandler">
>>>>>>>>> >> >     </bean>
>>>>>>>>> >> >   </jaxws:outInterceptors>
>>>>>>>>> >> >   <jaxws:properties>
>>>>>>>>> >> >     <entry key="ws-security.is-bsp-compliant" value="false" />
>>>>>>>>> >> >   </jaxws:properties>
>>>>>>>>> >> > </jaxws:endpoint>
>>>>>>>>> >> >
>>>>>>>>> >> > <bean id="wss4jInConfiguration"
>>>>>>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>>>>>>> >> >   <constructor-arg>
>>>>>>>>> >> >     <map>
>>>>>>>>> >> >       <entry key="action" value="Signature Encrypt Timestamp" />
>>>>>>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>>>>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>>>>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>>>>>>> >> >       <entry key="passwordCallbackClass" value="com.test.webservice.PWCBHandler" />
>>>>>>>>> >> >     </map>
>>>>>>>>> >> >   </constructor-arg>
>>>>>>>>> >> > </bean>
>>>>>>>>> >> >
>>>>>>>>> >> > <bean id="wss4jOutConfiguration"
>>>>>>>>> >> >     class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>>>>>>> >> >   <constructor-arg>
>>>>>>>>> >> >     <map>
>>>>>>>>> >> >       <entry key="action" value="Timestamp Signature Encrypt" />
>>>>>>>>> >> >       <entry key="passwordCallbackClass" value="com.test.webservice.PWCBHandler" />
>>>>>>>>> >> >       <entry key="signaturePropFile" value="service.properties" />
>>>>>>>>> >> >       <entry key="encryptionPropFile" value="service.properties" />
>>>>>>>>> >> >       <entry key="decryptionPropFile" value="service.properties" />
>>>>>>>>> >> >     </map>
>>>>>>>>> >> >   </constructor-arg>
>>>>>>>>> >> > </bean>
>>>>>>>>> >> >
>>>>>>>>> >> > service.properties is also present in the WEB-INF/classes folder. Its
>>>>>>>>> >> > contents are as below:
>>>>>>>>> >> >
>>>>>>>>> >> > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>>>>>>>> >> > org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>>>>>>> >> > org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>>>> >> > org.apache.ws.security.crypto.merlin.file=service.jks
>>>>>>>>> >> >
>>>>>>>>> >> > Using above configuration I am getting below mentioned
>>>>>>>>> exception when I
>>>>>>>>> >> am
>>>>>>>>> >> > trying to access web service through client which is
>>>>>>>>> configured using
>>>>>>>>> >> same
>>>>>>>>> >> > security setting which I used while I was in axis2:
>>>>>>>>> >> >
>>>>>>>>> >> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor
>>>>>>>>> ]
>>>>>>>>> >> -
>>>>>>>>> >> > org.apache.ws.security.WSSecurityException: The signature or
>>>>>>>>> decryption
>>>>>>>>> >> was
>>>>>>>>> >> > invalid
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>>>>>>> >> > at
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>>>>>>> >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>>>>>>> >> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>>>>>> >> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>>>>>> >> > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>>>>>> >> > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>>>>>> >> > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>>>>>> >> > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>>>>>> >> > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>>>>>> >> > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>>>>>> >> > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>>>>>> >> > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>>>>>> >> > at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>>>>>> >> > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>>>>>> >> > at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>>>>>>> >> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>>>>>>> >> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>>>>>>> >> > at java.lang.Thread.run(Unknown Source)
>>>>>>>>> >> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain ] - Interceptor for {http://webservice.test.com}WSAmandaSecurityServiceService#{http://webservice.test.com}authenticateUser has thrown exception, unwinding now
>>>>>>>>> >> > org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
>>>>>>>>> >> > at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850)
>>>>>>>>> >> > at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
>>>>>>>>> >> > at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>>>>>>>>> >> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>>>>>> >> > at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>>>>>> >> > at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>>>>>>>>> >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>>>>>>>> >> > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>>>>>>>>> >> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>>>>>> >> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>>>>>> >> > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>>>>>> >> > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>>>>>> >> > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>>>>>> >> > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>>>>>> >> > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>>>>>> >> > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>>>>>> >> > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>>>>>> >> > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>>>>>> >> > at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>>>>>> >> > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>>>>>> >> > at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>>>>>>>> >> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>>>>>>> >> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>>>>>>> >> > at java.lang.Thread.run(Unknown Source)
>>>>>>>>> >> > Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>>>>>>>>> >> > at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>>>>>>>>> >> > at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>>>>>>>>> >> > at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>>>>>> >> > at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>>>>>>>>> >> > ... 28 test
>>>>>>>>> >> >
>>>>>>>>> >> >
>>>>>>>>> >> > Can anyone help me identify if I am missing anything while
>>>>>>>>> >> > configuring WSS4J in Apache CXF, so that I can use the same
>>>>>>>>> >> > client to access the CXF web service?
>>>>>>>>> >> >
>>>>>>>>> >> > Thanks for your time and help.
>>>>>>>>> >> >
>>>>>>>>> >> > Regards, Puneet.
>>>>>>>>> >> >
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >> --
>>>>>>>>> >> Colm O hEigeartaigh
>>>>>>>>> >>
>>>>>>>>> >> Talend Community Coder
>>>>>>>>> >> http://coders.talend.com
>>>>>>>>> >>
<wsp:Policy wsu:Id="SigEncr"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding>
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireKeyIdentifierReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireKeyIdentifierReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10>
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier />
          <sp:MustSupportRefIssuerSerial />
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts>
        <sp:Body />
      </sp:SignedParts>
      <sp:EncryptedParts>
        <sp:Body />
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="SigEncr"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireKeyIdentifierReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireKeyIdentifierReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier />
          <sp:MustSupportRefIssuerSerial />
        </wsp:Policy>
      </sp:Wss11>
      <sp:SignedParts
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body />
      </sp:SignedParts>
      <sp:EncryptedParts
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body />
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
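
Added example (not part of the original message, and not CXF's own validation code): a simplified Python check that reads a policy like the two attached above and reports which of the two requirements named in the policy errors, IncludeTimestamp and the initiator X509Token inclusion value, a request's wsse:Security header fails to meet. The function names, the cut-down policy and both request headers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# The two WS-SecurityPolicy namespaces used by the attached policy files.
SP_NAMESPACES = ("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
                 "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy")

def policy_requirements(policy_xml):
    """Pull out the two requirements named in the reported policy errors."""
    root = ET.fromstring(policy_xml)
    for sp in SP_NAMESPACES:
        initiator = root.find(f".//{{{sp}}}InitiatorToken")
        if initiator is None:
            continue
        token = next(initiator.iter(f"{{{sp}}}X509Token"), None)
        include = token.get(f"{{{sp}}}IncludeToken", "") if token is not None else ""
        return {"timestamp": root.find(f".//{{{sp}}}IncludeTimestamp") is not None,
                # Only the inclusion value used on this page is interpreted here.
                "token_in_message": include.endswith("/IncludeToken/AlwaysToRecipient")}
    raise ValueError("no InitiatorToken in a known WS-SecurityPolicy namespace")

def check_security_header(policy_xml, security_xml):
    """Return the requirements a request's wsse:Security header fails to meet."""
    req, sec = policy_requirements(policy_xml), ET.fromstring(security_xml)
    problems = []
    if req["timestamp"] and sec.find(f"{{{WSU}}}Timestamp") is None:
        problems.append("IncludeTimestamp: no wsu:Timestamp in the Security header")
    if req["token_in_message"] and sec.find(f"{{{WSSE}}}BinarySecurityToken") is None:
        problems.append("X509Token: AlwaysToRecipient set, but no BinarySecurityToken sent")
    return problems

# Constructed inputs: a cut-down copy of the first policy and two request headers.
POLICY = f"""<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="{SP_NAMESPACES[0]}">
 <sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{SP_NAMESPACES[0]}/IncludeToken/AlwaysToRecipient"/>
  </wsp:Policy></sp:InitiatorToken>
  <sp:IncludeTimestamp/>
 </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>"""
SIGNATURE = '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"/>'
HEADER_BARE = f'<wsse:Security xmlns:wsse="{WSSE}">{SIGNATURE}</wsse:Security>'
HEADER_FULL = (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsu:Timestamp/>'
               f'<wsse:BinarySecurityToken/>{SIGNATURE}</wsse:Security>')

if __name__ == "__main__":
    for name, header in (("bare", HEADER_BARE), ("full", HEADER_FULL)):
        print(name, check_security_header(POLICY, header))
```

Running the same check against a captured request from an existing client shows whether it carries the Timestamp and BinarySecurityToken that the policy demands.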