Your "ws-policy-new.xml" is not working because it is invalid - there are two wsu:Id attributes. I think you are not going to get this to work if you can't change the clients, as you have a fundamental problem with the Timestamp. The clients are not signing the Timestamp, which they are required to do as per the sp:IncludeTimestamp policy. If Axis is not enforcing this then it is a bug in the security validation on their part.
Colm. On Sat, Aug 23, 2014 at 12:04 PM, Puneet Gupta <[email protected]> wrote: > Hi Colm, > > Thanks for your valuable suggestions. I have upgraded my project to 2.7.12 > and now I am not getting exception that I was getting earlier. > > Following your suggestions I have also included <sp:IncludeTimestamp /> > and <sp:MustSupportRefIssuerSerial /> in my policy file. Still I am getting > below exception: > > *These policy alternatives can not be satisfied: * > *{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding > <http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DAsymmetricBinding>: > Received Timestamp does not match the requirements* > *{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token > <http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DX509Token>: > The received token does not match the token inclusion requirement* > *{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken > <http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DInitiatorToken>* > *{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken > <http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DRecipientToken>* > *{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp > <http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DIncludeTimestamp>: > Received Timestamp does not match the requirements* > > Please find attached updated *ws-policy.xml*. My main motto is that my > old client are spared of making changes at their end to configure security. > I want them to upgrade to my service without making any changes in current > running clients. > > My confusion is that we have this same policy file and it was working with > Axis2 WS. Please help me figure this thing out. > > I have also tried to write new *ws-policy-new.xml* following below this > link: http://www.w3.org/TR/ws-policy-attach/. Same file is attached here > also, but I got following exception working with this file: > > *Unexpected wrapper element > {http://www.w3.org/2001/04/xmlenc#}EncryptedData > <http://www.w3.org/2001/04/xmlenc#%7DEncryptedData> found. Expected > {http://webservice.test.com <http://webservice.test.com>}echo.* > > I am not able to understand how to proceed. Please share some thoughts > over it. > > Thanks, Puneet. > > > On Fri, Aug 22, 2014 at 7:50 PM, Colm O hEigeartaigh <[email protected]> > wrote: > >> Hi, >> >> The problem is a bug in CXF 2.7.11 that you are running into: >> >> https://issues.apache.org/jira/browse/CXF-5679 >> >> Upgrade to CXF 2.7.12 for the fix. BTW your test-case is still not valid >> after this, as the request does not quite match the policy on the service >> side, e.g. the Timestamp is not signed, IssuerSerial is not used, etc. >> >> Colm. >> >> >> On Thu, Aug 21, 2014 at 7:35 AM, Puneet Gupta < >> [email protected]> wrote: >> >>> Hi Colm, >>> >>> I know you were on vacation last week, but if you can find some time to >>> look into it, will be highly appreciated. >>> >>> Regards, Puneet. >>> >>> >>> On Fri, Aug 8, 2014 at 10:46 AM, Puneet Gupta < >>> [email protected]> wrote: >>> >>>> I am also attaching modified project. Please use it if required. >>>> >>>> Thanks. >>>> >>>> >>>> On Fri, Aug 8, 2014 at 10:45 AM, Puneet Gupta < >>>> [email protected]> wrote: >>>> >>>>> Hi Colm, >>>>> >>>>> Following your suggestion I have removed WSS4J+XML Sec from pom.xml. >>>>> Now dependency included by cxf-rt-ws-security is wss4j-1.6.15 >>>>> and xmlsec-1.5.6 respectively. But getting same exception I was getting >>>>> earlier: >>>>> >>>>> *Caused by: org.apache.ws.security.WSSecurityException: The signature >>>>> or decryption was invalid* >>>>> * at >>>>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)* >>>>> * at >>>>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)* >>>>> * at >>>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)* >>>>> * at >>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)* >>>>> * ... 29 more* >>>>> >>>>> Sorry for keep on bothering you. Please guide me further. >>>>> >>>>> Regards, Puneet. >>>>> >>>>> >>>>> On Wed, Aug 6, 2014 at 8:07 PM, Colm O hEigeartaigh < >>>>> [email protected]> wrote: >>>>> >>>>>> >>>>>> Without running the project, one immediate error I see is that you >>>>>> are including XML Security 2.0.0. This is not compatible with WSS4J 1.6.x >>>>>> or CXF 2.7.x. WSS4J + XML Security will get pulled in from the >>>>>> cxf-rt-ws-security dependency anyway, so just remove WSS4J + XML Security >>>>>> from the pom + see if this works. >>>>>> >>>>>> Colm. >>>>>> >>>>>> >>>>>> On Wed, Aug 6, 2014 at 7:40 AM, Puneet Gupta < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Colm, >>>>>>> >>>>>>> Please find attached zip file containing: >>>>>>> >>>>>>> 1. A sample service with source code(demo-security.zip). >>>>>>> 2. A Sample SOAP UI (DemoSecurity-soapui-project.xml) project with >>>>>>> security configured in the project itself. (Generally we are using SOAP >>>>>>> UI >>>>>>> for testing our service in development environment. Using Axis2 we had >>>>>>> same >>>>>>> configuration in SOAP UI and there wss4j worked for us.) >>>>>>> 3. Attached zip file also contains a generated client.jks file which >>>>>>> you will need to point in your local environment while working through >>>>>>> SOAP >>>>>>> UI. >>>>>>> 4. A bat file which contains detailed steps which I followed to >>>>>>> generate key stores. I used jdk1.7.0_15 to generate key stores. >>>>>>> >>>>>>> Waiting for your response. Any pointers where I am missing the trick >>>>>>> is highly appreciated. >>>>>>> >>>>>>> Regards, >>>>>>> Puneet. >>>>>>> >>>>>>> >>>>>>> On Thu, Jul 31, 2014 at 3:01 PM, Puneet Gupta < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Also I tried enabling logging information by specifying following >>>>>>>> property in Tomcat launch configuration, but haven't found anything >>>>>>>> relevant information there: >>>>>>>> >>>>>>>> >>>>>>>> -Djava.util.logging.config.file=C:\Users\p.gupta\Desktop\logging.properties >>>>>>>> -Dorg.apache.cxf.Logger=org.apache.cxf.common.logging.Slf4jLogger >>>>>>>> >>>>>>>> I have set logging level to Finest in logging.properties. >>>>>>>> >>>>>>>> Thanks, Puneet. >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Jul 31, 2014 at 2:58 PM, Puneet Gupta < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi Colm, >>>>>>>>> >>>>>>>>> Can you please help me understand what exactly you want in sample >>>>>>>>> test case. Should I send you a sample project with all current >>>>>>>>> configuration and a sample client in which I am facing this issue? >>>>>>>>> Would >>>>>>>>> that be sufficient? >>>>>>>>> >>>>>>>>> Please note that I am using SOAP UI as testing tool for my >>>>>>>>> service. I am getting "BSP" error on client that is created in >>>>>>>>> SOAP UI. I haven't tried creating a CXF client yet. >>>>>>>>> >>>>>>>>> Thanks for your patience. >>>>>>>>> >>>>>>>>> Puneet. >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Jul 22, 2014 at 2:57 PM, Colm O hEigeartaigh < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> Your approach of adding the security properties as >>>>>>>>>> "jaxws:properties" for >>>>>>>>>> the Endpoint is correct. If you are still seeing the error at >>>>>>>>>> >>>>>>>>>> "org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature" >>>>>>>>>> then I recommend turning logging up to "DEBUG" setting + having a >>>>>>>>>> look. >>>>>>>>>> This will tell you exactly where/why signature validation is >>>>>>>>>> failing. The >>>>>>>>>> likelihood is that the signing certificate is not trusted by the >>>>>>>>>> service >>>>>>>>>> endpoint. If you are still really stuck, then if you create a >>>>>>>>>> test-case to >>>>>>>>>> reproduce the problem I will take a look. >>>>>>>>>> >>>>>>>>>> With regards to the "BSP" error, could you paste the content of >>>>>>>>>> the >>>>>>>>>> EncryptedKey structure in the security header into a mail? Is the >>>>>>>>>> client a >>>>>>>>>> CXF client or a third party product? This type of error occurs >>>>>>>>>> when no >>>>>>>>>> "ValueType" attribute is present (or the wrong one is used), >>>>>>>>>> which is >>>>>>>>>> required by the Basic Security Profile specification. >>>>>>>>>> >>>>>>>>>> Colm. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Jul 21, 2014 at 1:33 PM, Puneet Gupta < >>>>>>>>>> [email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> > Hi Colm, >>>>>>>>>> > >>>>>>>>>> > Thanks for investing time in this. My problem is I need to >>>>>>>>>> define security >>>>>>>>>> > at server end. I do have ws-policy.xml but that file does not >>>>>>>>>> have set of >>>>>>>>>> > properties that can define WSS4J configuration. Can you please >>>>>>>>>> help me >>>>>>>>>> > identify how I can define WSS4J related properties on server >>>>>>>>>> side. >>>>>>>>>> > Following your suggestions I have tried putting mentioned >>>>>>>>>> properties in >>>>>>>>>> > cxf-servlet.xml in below mentioned way (keeping ws-policy.xml >>>>>>>>>> same as >>>>>>>>>> > before): >>>>>>>>>> > >>>>>>>>>> > <jaxws:endpoint address="/WSService"> >>>>>>>>>> > <jaxws:implementor> >>>>>>>>>> > <bean id="WSService" >>>>>>>>>> > class="com.test.webservice.WSService" /> >>>>>>>>>> > </jaxws:implementor> >>>>>>>>>> > <jaxws:inInterceptors> >>>>>>>>>> > <bean class="com.test.webservice.AuthHandler"/> >>>>>>>>>> > </jaxws:inInterceptors> >>>>>>>>>> > <jaxws:outInterceptors> >>>>>>>>>> > <bean class="com.test.webservice.LogHandler"/> >>>>>>>>>> > </jaxws:outInterceptors> >>>>>>>>>> > <jaxws:properties> >>>>>>>>>> > <entry key="ws-security.callback-handler" >>>>>>>>>> > value="com.test.webservice.PWCBHandler" /> >>>>>>>>>> > <entry key="ws-security.encryption.properties" >>>>>>>>>> value="service.properties" >>>>>>>>>> > /> >>>>>>>>>> > <entry key="ws-security.encryption.username" value="service" /> >>>>>>>>>> > <entry key="ws-security.signature.properties" >>>>>>>>>> value="service.properties" /> >>>>>>>>>> > <entry key="ws-security.signature.username" value="service" /> >>>>>>>>>> > *<entry >>>>>>>>>> key="ws-security.is-bsp-compliant" >>>>>>>>>> > value="false" />* >>>>>>>>>> > </jaxws:properties> >>>>>>>>>> > </jaxws:endpoint> >>>>>>>>>> > >>>>>>>>>> > But doing these changes still I am facing the same problem. >>>>>>>>>> Also if I am >>>>>>>>>> > not putting highlighted property in cxf-servlet.xml then I am >>>>>>>>>> facing below >>>>>>>>>> > mentioned issue >>>>>>>>>> > >>>>>>>>>> > *Caused by: org.apache.ws.security.WSSecurityException: An >>>>>>>>>> invalid >>>>>>>>>> > security token was provided (Bad ValueType >>>>>>>>>> > " >>>>>>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 >>>>>>>>>> > < >>>>>>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 >>>>>>>>>> >")* >>>>>>>>>> > * at >>>>>>>>>> > >>>>>>>>>> org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)* >>>>>>>>>> > * at >>>>>>>>>> > >>>>>>>>>> org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)* >>>>>>>>>> > * at >>>>>>>>>> > >>>>>>>>>> org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)* >>>>>>>>>> > * at >>>>>>>>>> > >>>>>>>>>> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)* >>>>>>>>>> > * at >>>>>>>>>> > >>>>>>>>>> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)* >>>>>>>>>> > * at >>>>>>>>>> > >>>>>>>>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)* >>>>>>>>>> > * at >>>>>>>>>> > >>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)* >>>>>>>>>> > >>>>>>>>>> > Just want to confirm why we need to put this property in >>>>>>>>>> cxf-servlet.xml. >>>>>>>>>> > Is this the best approach or there is something I am missing. >>>>>>>>>> > >>>>>>>>>> > Thanks again for your time. Looking forward for your response. >>>>>>>>>> > >>>>>>>>>> > Thanks, Puneet, >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh < >>>>>>>>>> [email protected]> >>>>>>>>>> > wrote: >>>>>>>>>> > >>>>>>>>>> >> Hi, >>>>>>>>>> >> >>>>>>>>>> >> You are mixing up the two different ways of configuring >>>>>>>>>> WS-Security in >>>>>>>>>> >> CXF. >>>>>>>>>> >> The "action" based approach involves defining >>>>>>>>>> WSS4JOutInterceptor + >>>>>>>>>> >> WSS4JInInterceptors + explicitly adding them to the >>>>>>>>>> interceptor chain. >>>>>>>>>> >> However, when you have a security policy, you don't need to do >>>>>>>>>> any of this >>>>>>>>>> >> as CXF will take care of configuring WSS4J for you. In this >>>>>>>>>> case, you just >>>>>>>>>> >> need to define some JAX-WS properties (keystores etc.). For >>>>>>>>>> example, see >>>>>>>>>> >> the following test configuration: >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes >>>>>>>>>> >> >>>>>>>>>> >> e.g. >>>>>>>>>> >> >>>>>>>>>> >> <jaxws:client name="{ >>>>>>>>>> >> >>>>>>>>>> http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort >>>>>>>>>> >> " >>>>>>>>>> >> createdFromAPI="true"> >>>>>>>>>> >> <jaxws:properties> >>>>>>>>>> >> <entry key="ws-security.callback-handler" >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/> >>>>>>>>>> >> <entry key="ws-security.encryption.properties" >>>>>>>>>> >> value="bob.properties"/> >>>>>>>>>> >> <entry key="ws-security.encryption.username" >>>>>>>>>> value="bob"/> >>>>>>>>>> >> <entry key="ws-security.signature.properties" >>>>>>>>>> >> value="alice.properties"/> >>>>>>>>>> >> <entry key="ws-security.signature.username" >>>>>>>>>> value="alice"/> >>>>>>>>>> >> </jaxws:properties> >>>>>>>>>> >> </jaxws:client> >>>>>>>>>> >> >>>>>>>>>> >> Colm. >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> >> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta < >>>>>>>>>> >> [email protected]> >>>>>>>>>> >> wrote: >>>>>>>>>> >> >>>>>>>>>> >> > Hi All, >>>>>>>>>> >> > >>>>>>>>>> >> > I am migrating from Axis2 Web Services to Apache CXF. In >>>>>>>>>> axis2, I had >>>>>>>>>> >> > configured security using Rampart and I have configured it >>>>>>>>>> using >>>>>>>>>> >> following >>>>>>>>>> >> > policy settings: >>>>>>>>>> >> > >>>>>>>>>> >> > *<wsp:Policy wsu:Id="SigEncr"* >>>>>>>>>> >> > * >>>>>>>>>> >> > xmlns:wsu=" >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>>>>>>>>> >> > < >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>>>>>>>>> >> > >"* >>>>>>>>>> >> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">* >>>>>>>>>> >> > * <wsp:ExactlyOne>* >>>>>>>>>> >> > * <wsp:All>* >>>>>>>>>> >> > * <sp:AsymmetricBinding* >>>>>>>>>> >> > * xmlns:sp=" >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:InitiatorToken>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:X509Token* >>>>>>>>>> >> > * >>>>>>>>>> >> > sp:IncludeToken=" >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >>>>>>>>>> >> > < >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >>>>>>>>>> >> > >">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:RequireKeyIdentifierReference />* >>>>>>>>>> >> > * <sp:WssX509V3Token10 />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:X509Token>* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:InitiatorToken>* >>>>>>>>>> >> > * <sp:RecipientToken>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:X509Token* >>>>>>>>>> >> > * >>>>>>>>>> >> > sp:IncludeToken=" >>>>>>>>>> >> > >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never >>>>>>>>>> >> > < >>>>>>>>>> >> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never >>>>>>>>>> >> > >">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:RequireKeyIdentifierReference />* >>>>>>>>>> >> > * <sp:WssX509V3Token10 />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:X509Token>* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:RecipientToken>* >>>>>>>>>> >> > * <sp:AlgorithmSuite>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:TripleDesRsa15 />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:AlgorithmSuite>* >>>>>>>>>> >> > * <sp:Layout>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:Strict />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:Layout>* >>>>>>>>>> >> > * <sp:IncludeTimestamp />* >>>>>>>>>> >> > * <sp:OnlySignEntireHeadersAndBody />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:AsymmetricBinding>* >>>>>>>>>> >> > * <sp:Wss10 xmlns:sp=" >>>>>>>>>> >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:MustSupportRefKeyIdentifier />* >>>>>>>>>> >> > * <sp:MustSupportRefIssuerSerial />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:Wss10>* >>>>>>>>>> >> > * <sp:SignedParts* >>>>>>>>>> >> > * xmlns:sp=" >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <sp:Body />* >>>>>>>>>> >> > * </sp:SignedParts>* >>>>>>>>>> >> > * <sp:EncryptedParts* >>>>>>>>>> >> > * xmlns:sp=" >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <sp:Body />* >>>>>>>>>> >> > * </sp:EncryptedParts>* >>>>>>>>>> >> > >>>>>>>>>> >> > * <ramp:RampartConfig xmlns:ramp=" >>>>>>>>>> http://ws.apache.org/rampart/policy >>>>>>>>>> >> > <http://ws.apache.org/rampart/policy>">* >>>>>>>>>> >> > * <ramp:user>service</ramp:user>* >>>>>>>>>> >> > * <ramp:encryptionUser>client</ramp:encryptionUser>* >>>>>>>>>> >> > * >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>* >>>>>>>>>> >> > >>>>>>>>>> >> > * <ramp:signatureCrypto>* >>>>>>>>>> >> > * <ramp:crypto >>>>>>>>>> >> provider="org.apache.ws.security.components.crypto.Merlin">* >>>>>>>>>> >> > * <ramp:property* >>>>>>>>>> >> > * >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>* >>>>>>>>>> >> > * <ramp:property >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>* >>>>>>>>>> >> > * <ramp:property* >>>>>>>>>> >> > * >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>* >>>>>>>>>> >> > * </ramp:crypto>* >>>>>>>>>> >> > * </ramp:signatureCrypto>* >>>>>>>>>> >> > * <ramp:encryptionCypto>* >>>>>>>>>> >> > * <ramp:crypto >>>>>>>>>> >> provider="org.apache.ws.security.components.crypto.Merlin">* >>>>>>>>>> >> > * <ramp:property* >>>>>>>>>> >> > * >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>* >>>>>>>>>> >> > * <ramp:property >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>* >>>>>>>>>> >> > * <ramp:property* >>>>>>>>>> >> > * >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>* >>>>>>>>>> >> > * </ramp:crypto>* >>>>>>>>>> >> > * </ramp:encryptionCypto>* >>>>>>>>>> >> > * </ramp:RampartConfig>* >>>>>>>>>> >> > * </wsp:All>* >>>>>>>>>> >> > * </wsp:ExactlyOne>* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > >>>>>>>>>> >> > In Apache CXF, I am trying to configure the security >>>>>>>>>> following below >>>>>>>>>> >> steps: >>>>>>>>>> >> > >>>>>>>>>> >> > 1. I have created as ws-policy.xml file and is placed under >>>>>>>>>> >> WEB-INF/classes >>>>>>>>>> >> > folder. I am providing this policy file to service class >>>>>>>>>> using @Policies >>>>>>>>>> >> > annotation. Ex: >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> > *@Policy(uri = "ws-policy.xml")* >>>>>>>>>> >> > *@WebService(targetNamespace = "http://webservice.test.com >>>>>>>>>> >> > <http://webservice.test.com>", name = "WSServicePortType")* >>>>>>>>>> >> > *public class WSService {* >>>>>>>>>> >> > *//Service method goes here.* >>>>>>>>>> >> > *}* >>>>>>>>>> >> > >>>>>>>>>> >> > Contents of ws-policy.xml is as follows: >>>>>>>>>> >> > >>>>>>>>>> >> > *<wsp:Policy* >>>>>>>>>> >> > * >>>>>>>>>> >> > xmlns:wsu=" >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>>>>>>>>> >> > < >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>>>>>>>>> >> > >"* >>>>>>>>>> >> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">* >>>>>>>>>> >> > >>>>>>>>>> >> > * <sp:AsymmetricBinding* >>>>>>>>>> >> > * xmlns:sp=" >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:InitiatorToken>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:X509Token* >>>>>>>>>> >> > * >>>>>>>>>> >> > sp:IncludeToken=" >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >>>>>>>>>> >> > < >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >>>>>>>>>> >> > >">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:RequireIssuerSerialReference />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:X509Token>* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:InitiatorToken>* >>>>>>>>>> >> > * <sp:RecipientToken>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:X509Token* >>>>>>>>>> >> > * >>>>>>>>>> >> > sp:IncludeToken=" >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >>>>>>>>>> >> > < >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >>>>>>>>>> >> > >">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:RequireIssuerSerialReference />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:X509Token>* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:RecipientToken>* >>>>>>>>>> >> > * <sp:AlgorithmSuite>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:TripleDesRsa15 />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:AlgorithmSuite>* >>>>>>>>>> >> > * <sp:Layout>* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:Strict />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:Layout>* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:AsymmetricBinding>* >>>>>>>>>> >> > >>>>>>>>>> >> > * <sp:Wss10 xmlns:sp=" >>>>>>>>>> >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <wsp:Policy>* >>>>>>>>>> >> > * <sp:MustSupportRefKeyIdentifier />* >>>>>>>>>> >> > * <sp:MustSupportRefIssuerSerial />* >>>>>>>>>> >> > * </wsp:Policy>* >>>>>>>>>> >> > * </sp:Wss10>* >>>>>>>>>> >> > * <sp:SignedParts >>>>>>>>>> >> > xmlns:sp=" >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <sp:Body />* >>>>>>>>>> >> > * </sp:SignedParts>* >>>>>>>>>> >> > * <sp:EncryptedParts* >>>>>>>>>> >> > * xmlns:sp=" >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">* >>>>>>>>>> >> > * <sp:Body />* >>>>>>>>>> >> > * </sp:EncryptedParts>* >>>>>>>>>> >> > *</wsp:Policy>* >>>>>>>>>> >> > >>>>>>>>>> >> > 2. To configure WSS4J, I am using following snippet in >>>>>>>>>> cxf-servlet.xml: >>>>>>>>>> >> > >>>>>>>>>> >> > * <jaxws:endpoint address="/WSService">* >>>>>>>>>> >> > * <jaxws:implementor>* >>>>>>>>>> >> > * <bean id="WSService"* >>>>>>>>>> >> > * class="com.test.webservice.WSService" />* >>>>>>>>>> >> > * </jaxws:implementor>* >>>>>>>>>> >> > * <jaxws:inInterceptors>* >>>>>>>>>> >> > * <ref bean="wss4jInConfiguration" />* >>>>>>>>>> >> > * <bean class="com.test.webservice.AuthHandler">* >>>>>>>>>> >> > * </bean>* >>>>>>>>>> >> > * </jaxws:inInterceptors>* >>>>>>>>>> >> > * <jaxws:outInterceptors>* >>>>>>>>>> >> > * <ref bean="wss4jOutConfiguration" />* >>>>>>>>>> >> > * <bean class="com.test.webservice.LogHandler">* >>>>>>>>>> >> > * </bean>* >>>>>>>>>> >> > * </jaxws:outInterceptors>* >>>>>>>>>> >> > * <jaxws:properties>* >>>>>>>>>> >> > * <entry key="ws-security.is-bsp-compliant" value="false" />* >>>>>>>>>> >> > * </jaxws:properties>* >>>>>>>>>> >> > * </jaxws:endpoint>* >>>>>>>>>> >> > >>>>>>>>>> >> > * <bean id="wss4jInConfiguration" >>>>>>>>>> >> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">* >>>>>>>>>> >> > * <constructor-arg>* >>>>>>>>>> >> > * <map>* >>>>>>>>>> >> > * <entry key="action" value="Signature Encrypt Timestamp" />* >>>>>>>>>> >> > * <entry key="signaturePropFile" value="service.properties" >>>>>>>>>> />* >>>>>>>>>> >> > * <entry key="decryptionPropFile" value="service.properties" >>>>>>>>>> />* >>>>>>>>>> >> > * <entry key="encryptionPropFile" value="service.properties" >>>>>>>>>> />* >>>>>>>>>> >> > * <entry key="passwordCallbackClass" >>>>>>>>>> >> > value="com.test.webservice.PWCBHandler" />* >>>>>>>>>> >> > * </map>* >>>>>>>>>> >> > * </constructor-arg>* >>>>>>>>>> >> > * </bean>* >>>>>>>>>> >> > >>>>>>>>>> >> > * <bean id="wss4jOutConfiguration" >>>>>>>>>> >> > >>>>>>>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">* >>>>>>>>>> >> > * <constructor-arg>* >>>>>>>>>> >> > * <map>* >>>>>>>>>> >> > * <entry key="action" value="Timestamp Signature Encrypt" />* >>>>>>>>>> >> > * <entry key="passwordCallbackClass" >>>>>>>>>> >> > value="com.test.webservice.PWCBHandler" />* >>>>>>>>>> >> > * <entry key="signaturePropFile" value="service.properties" >>>>>>>>>> />* >>>>>>>>>> >> > * <entry key="encryptionPropFile" value="service.properties" >>>>>>>>>> />* >>>>>>>>>> >> > * <entry key="decryptionPropFile" value="service.properties" >>>>>>>>>> />* >>>>>>>>>> >> > * </map>* >>>>>>>>>> >> > * </constructor-arg>* >>>>>>>>>> >> > * </bean>* >>>>>>>>>> >> > >>>>>>>>>> >> > service.properties is also present in WEB-INF/classes >>>>>>>>>> folder. Its >>>>>>>>>> >> content >>>>>>>>>> >> > are as below: >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> *org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin* >>>>>>>>>> >> > *org.apache.ws.security.crypto.merlin.keystore.type=jks* >>>>>>>>>> >> > >>>>>>>>>> *org.apache.ws.security.crypto.merlin.keystore.password=password* >>>>>>>>>> >> > *org.apache.ws.security.crypto.merlin.file=service.jks* >>>>>>>>>> >> > >>>>>>>>>> >> > Using above configuration I am getting below mentioned >>>>>>>>>> exception when I >>>>>>>>>> >> am >>>>>>>>>> >> > trying to access web service through client which is >>>>>>>>>> configured using >>>>>>>>>> >> same >>>>>>>>>> >> > security setting which I used while I was in axis2: >>>>>>>>>> >> > >>>>>>>>>> >> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor >>>>>>>>>> ] >>>>>>>>>> >> - >>>>>>>>>> >> > org.apache.ws.security.WSSecurityException: The signature or >>>>>>>>>> decryption >>>>>>>>>> >> was >>>>>>>>>> >> > invalid >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206) >>>>>>>>>> >> > at >>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:647) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) >>>>>>>>>> >> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown >>>>>>>>>> Source) >>>>>>>>>> >> > at >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) >>>>>>>>>> >> > at java.lang.Thread.run(Unknown Source) >>>>>>>>>> >> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain >>>>>>>>>> ] >>>>>>>>>> >> - >>>>>>>>>> >> > Interceptor for {http://webservice.test.com >>>>>>>>>> >> > }WSAmandaSecurityServiceService#{ >>>>>>>>>> >> > http://webservice.test.com}authenticateUser has thrown >>>>>>>>>> exception, >>>>>>>>>> >> > unwinding >>>>>>>>>> >> > now >>>>>>>>>> >> > org.apache.cxf.binding.soap.SoapFault: The signature or >>>>>>>>>> decryption was >>>>>>>>>> >> > invalid >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206) >>>>>>>>>> >> > at >>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:647) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) >>>>>>>>>> >> > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown >>>>>>>>>> Source) >>>>>>>>>> >> > at >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) >>>>>>>>>> >> > at java.lang.Thread.run(Unknown Source) >>>>>>>>>> >> > Caused by: org.apache.ws.security.WSSecurityException: The >>>>>>>>>> signature or >>>>>>>>>> >> > decryption was invalid >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) >>>>>>>>>> >> > at >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270) >>>>>>>>>> >> > ... 28 test >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> > Can anyone help me identify if I am missing anything while >>>>>>>>>> configuring >>>>>>>>>> >> > WSS4J in apache cxf, so that I can use same client to access >>>>>>>>>> cxf web >>>>>>>>>> >> > service? >>>>>>>>>> >> > >>>>>>>>>> >> > Thanks for your time and help. >>>>>>>>>> >> > >>>>>>>>>> >> > Regards, Puneet. >>>>>>>>>> >> > >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> >> -- >>>>>>>>>> >> Colm O hEigeartaigh >>>>>>>>>> >> >>>>>>>>>> >> Talend Community Coder >>>>>>>>>> >> http://coders.talend.com >>>>>>>>>> >> >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Colm O hEigeartaigh >>>>>>>>>> >>>>>>>>>> Talend Community Coder >>>>>>>>>> http://coders.talend.com >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Colm O hEigeartaigh >>>>>> >>>>>> Talend Community Coder >>>>>> http://coders.talend.com >>>>>> >>>>> >>>>> >>>> >>> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
