> Still I am facing below issue:
> These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The
received token does not match the token inclusion requirement
Normally, when the X.509 certificate is included in the message, it is
included as a BinarySecurityToken, and the Signature KeyInfo just
references this. However, in the SOAP-UI testcase you have submitted it
includes the certificate in the Signature KeyIdentifier instead. I've just
merged a fix to WSS4J + CXF to check for this case + set the policy
appropriately. So you can either grab the latest WSS4J + CXF SNAPSHOTS
(when they're built) and test with this, or you can change the SOAP UI
signatureKeyIdentifier setting to use "DirectReference" instead.
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout: Layout
does not match the requirements
The problem here is that the Timestamp is under the Signature. Strict
Layout means that anything in the security header which is signed, must be
above the Signature itself. You can either move the Timestamp up or else
change the Layout to "Lax".
Colm.
On Mon, Aug 25, 2014 at 1:53 PM, Puneet Gupta <[email protected]>
wrote:
> Hi Colm,
>
> Thanks for your inputs. Following your suggestions I have tried signing
> TimeStamp and Body parts and have updated the client. Please find it
> attached.
>
> Still I am facing below issue:
>
> These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The
> received token does not match the token inclusion requirement
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout: Layout
> does not match the requirements
>
> After following the above error, I have found this link:
> http://mail-archives.apache.org/mod_mbox/cxf-users/201402.mbox/%3ccab8xdga+5ky2r0amhsxcdqhxemrghe0sgsk95jybskn5ywn...@mail.gmail.com%3E
>
> It has same X509 settings as we have and It says its a bug in CXF and
> recently fixed. Does Apache CXF 2.7.12 contains this fix? If yes then what
> I am missing here?
>
> Also, do you have any pointers to configure Layout in SOAP UI, because I
> haven't found relevant information from google? However removing layout
> from policy does remove this second error.
>
> Thanks, Puneet.
>
>
> On Mon, Aug 25, 2014 at 2:38 PM, Colm O hEigeartaigh <[email protected]>
> wrote:
>
>> Your "ws-policy-new.xml" is not working because it is invalid - there are
>> two wsu:Id attributes. I think you are not going to get this to work if
>> you
>> can't change the clients, as you have a fundamental problem with the
>> Timestamp. The clients are not signing the Timestamp, which they are
>> required to do as per the sp:IncludeTimestamp policy. If Axis is not
>> enforcing this then it is a bug in the security validation on their part.
>>
>> Colm.
>>
>>
>> On Sat, Aug 23, 2014 at 12:04 PM, Puneet Gupta <
>> [email protected]>
>> wrote:
>>
>> > Hi Colm,
>> >
>> > Thanks for your valuable suggestions. I have upgraded my project to
>> 2.7.12
>> > and now I am not getting exception that I was getting earlier.
>> >
>> > Following your suggestions I have also included <sp:IncludeTimestamp />
>> > and <sp:MustSupportRefIssuerSerial /> in my policy file. Still I am
>> getting
>> > below exception:
>> >
>> > *These policy alternatives can not be satisfied: *
>> > *{
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding
>> > <
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DAsymmetricBinding
>> >:
>> > Received Timestamp does not match the requirements*
>> > *{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
>> > <http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DX509Token
>> >:
>> > The received token does not match the token inclusion requirement*
>> > *{
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
>> > <
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DInitiatorToken
>> >*
>> > *{
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
>> > <
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DRecipientToken
>> >*
>> > *{
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
>> > <
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DIncludeTimestamp
>> >:
>> > Received Timestamp does not match the requirements*
>> >
>> > Please find attached updated *ws-policy.xml*. My main motto is that my
>> > old client are spared of making changes at their end to configure
>> security.
>> > I want them to upgrade to my service without making any changes in
>> current
>> > running clients.
>> >
>> > My confusion is that we have this same policy file and it was working
>> with
>> > Axis2 WS. Please help me figure this thing out.
>> >
>> > I have also tried to write new *ws-policy-new.xml* following below this
>> > link: http://www.w3.org/TR/ws-policy-attach/. Same file is attached
>> here
>> > also, but I got following exception working with this file:
>> >
>> > *Unexpected wrapper element
>> > {http://www.w3.org/2001/04/xmlenc#}EncryptedData
>> > <http://www.w3.org/2001/04/xmlenc#%7DEncryptedData> found. Expected
>> > {http://webservice.test.com <http://webservice.test.com>}echo.*
>> >
>> > I am not able to understand how to proceed. Please share some thoughts
>> > over it.
>> >
>> > Thanks, Puneet.
>> >
>> >
>> > On Fri, Aug 22, 2014 at 7:50 PM, Colm O hEigeartaigh <
>> [email protected]>
>> > wrote:
>> >
>> >> Hi,
>> >>
>> >> The problem is a bug in CXF 2.7.11 that you are running into:
>> >>
>> >> https://issues.apache.org/jira/browse/CXF-5679
>> >>
>> >> Upgrade to CXF 2.7.12 for the fix. BTW your test-case is still not
>> valid
>> >> after this, as the request does not quite match the policy on the
>> service
>> >> side, e.g. the Timestamp is not signed, IssuerSerial is not used, etc.
>> >>
>> >> Colm.
>> >>
>> >>
>> >> On Thu, Aug 21, 2014 at 7:35 AM, Puneet Gupta <
>> >> [email protected]> wrote:
>> >>
>> >>> Hi Colm,
>> >>>
>> >>> I know you were on vacation last week, but if you can find some time
>> to
>> >>> look into it, will be highly appreciated.
>> >>>
>> >>> Regards, Puneet.
>> >>>
>> >>>
>> >>> On Fri, Aug 8, 2014 at 10:46 AM, Puneet Gupta <
>> >>> [email protected]> wrote:
>> >>>
>> >>>> I am also attaching modified project. Please use it if required.
>> >>>>
>> >>>> Thanks.
>> >>>>
>> >>>>
>> >>>> On Fri, Aug 8, 2014 at 10:45 AM, Puneet Gupta <
>> >>>> [email protected]> wrote:
>> >>>>
>> >>>>> Hi Colm,
>> >>>>>
>> >>>>> Following your suggestion I have removed WSS4J+XML Sec from pom.xml.
>> >>>>> Now dependency included by cxf-rt-ws-security is wss4j-1.6.15
>> >>>>> and xmlsec-1.5.6 respectively. But getting same exception I was
>> getting
>> >>>>> earlier:
>> >>>>>
>> >>>>> *Caused by: org.apache.ws.security.WSSecurityException: The
>> signature
>> >>>>> or decryption was invalid*
>> >>>>> * at
>> >>>>>
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)*
>> >>>>> * at
>> >>>>>
>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)*
>> >>>>> * at
>> >>>>>
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)*
>> >>>>> * at
>> >>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)*
>> >>>>> * ... 29 more*
>> >>>>>
>> >>>>> Sorry for keep on bothering you. Please guide me further.
>> >>>>>
>> >>>>> Regards, Puneet.
>> >>>>>
>> >>>>>
>> >>>>> On Wed, Aug 6, 2014 at 8:07 PM, Colm O hEigeartaigh <
>> >>>>> [email protected]> wrote:
>> >>>>>
>> >>>>>>
>> >>>>>> Without running the project, one immediate error I see is that you
>> >>>>>> are including XML Security 2.0.0. This is not compatible with
>> WSS4J 1.6.x
>> >>>>>> or CXF 2.7.x. WSS4J + XML Security will get pulled in from the
>> >>>>>> cxf-rt-ws-security dependency anyway, so just remove WSS4J + XML
>> Security
>> >>>>>> from the pom + see if this works.
>> >>>>>>
>> >>>>>> Colm.
>> >>>>>>
>> >>>>>>
>> >>>>>> On Wed, Aug 6, 2014 at 7:40 AM, Puneet Gupta <
>> >>>>>> [email protected]> wrote:
>> >>>>>>
>> >>>>>>> Hi Colm,
>> >>>>>>>
>> >>>>>>> Please find attached zip file containing:
>> >>>>>>>
>> >>>>>>> 1. A sample service with source code(demo-security.zip).
>> >>>>>>> 2. A Sample SOAP UI (DemoSecurity-soapui-project.xml) project with
>> >>>>>>> security configured in the project itself. (Generally we are
>> using SOAP UI
>> >>>>>>> for testing our service in development environment. Using Axis2
>> we had same
>> >>>>>>> configuration in SOAP UI and there wss4j worked for us.)
>> >>>>>>> 3. Attached zip file also contains a generated client.jks file
>> which
>> >>>>>>> you will need to point in your local environment while working
>> through SOAP
>> >>>>>>> UI.
>> >>>>>>> 4. A bat file which contains detailed steps which I followed to
>> >>>>>>> generate key stores. I used jdk1.7.0_15 to generate key stores.
>> >>>>>>>
>> >>>>>>> Waiting for your response. Any pointers where I am missing the
>> trick
>> >>>>>>> is highly appreciated.
>> >>>>>>>
>> >>>>>>> Regards,
>> >>>>>>> Puneet.
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> On Thu, Jul 31, 2014 at 3:01 PM, Puneet Gupta <
>> >>>>>>> [email protected]> wrote:
>> >>>>>>>
>> >>>>>>>> Also I tried enabling logging information by specifying following
>> >>>>>>>> property in Tomcat launch configuration, but haven't found
>> anything
>> >>>>>>>> relevant information there:
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>
>> -Djava.util.logging.config.file=C:\Users\p.gupta\Desktop\logging.properties
>> >>>>>>>> -Dorg.apache.cxf.Logger=org.apache.cxf.common.logging.Slf4jLogger
>> >>>>>>>>
>> >>>>>>>> I have set logging level to Finest in logging.properties.
>> >>>>>>>>
>> >>>>>>>> Thanks, Puneet.
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> On Thu, Jul 31, 2014 at 2:58 PM, Puneet Gupta <
>> >>>>>>>> [email protected]> wrote:
>> >>>>>>>>
>> >>>>>>>>> Hi Colm,
>> >>>>>>>>>
>> >>>>>>>>> Can you please help me understand what exactly you want in
>> sample
>> >>>>>>>>> test case. Should I send you a sample project with all current
>> >>>>>>>>> configuration and a sample client in which I am facing this
>> issue? Would
>> >>>>>>>>> that be sufficient?
>> >>>>>>>>>
>> >>>>>>>>> Please note that I am using SOAP UI as testing tool for my
>> >>>>>>>>> service. I am getting "BSP" error on client that is created in
>> >>>>>>>>> SOAP UI. I haven't tried creating a CXF client yet.
>> >>>>>>>>>
>> >>>>>>>>> Thanks for your patience.
>> >>>>>>>>>
>> >>>>>>>>> Puneet.
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> On Tue, Jul 22, 2014 at 2:57 PM, Colm O hEigeartaigh <
>> >>>>>>>>> [email protected]> wrote:
>> >>>>>>>>>
>> >>>>>>>>>> Hi,
>> >>>>>>>>>>
>> >>>>>>>>>> Your approach of adding the security properties as
>> >>>>>>>>>> "jaxws:properties" for
>> >>>>>>>>>> the Endpoint is correct. If you are still seeing the error at
>> >>>>>>>>>>
>> >>>>>>>>>>
>> "org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature"
>> >>>>>>>>>> then I recommend turning logging up to "DEBUG" setting +
>> having a
>> >>>>>>>>>> look.
>> >>>>>>>>>> This will tell you exactly where/why signature validation is
>> >>>>>>>>>> failing. The
>> >>>>>>>>>> likelihood is that the signing certificate is not trusted by
>> the
>> >>>>>>>>>> service
>> >>>>>>>>>> endpoint. If you are still really stuck, then if you create a
>> >>>>>>>>>> test-case to
>> >>>>>>>>>> reproduce the problem I will take a look.
>> >>>>>>>>>>
>> >>>>>>>>>> With regards to the "BSP" error, could you paste the content of
>> >>>>>>>>>> the
>> >>>>>>>>>> EncryptedKey structure in the security header into a mail? Is
>> the
>> >>>>>>>>>> client a
>> >>>>>>>>>> CXF client or a third party product? This type of error occurs
>> >>>>>>>>>> when no
>> >>>>>>>>>> "ValueType" attribute is present (or the wrong one is used),
>> >>>>>>>>>> which is
>> >>>>>>>>>> required by the Basic Security Profile specification.
>> >>>>>>>>>>
>> >>>>>>>>>> Colm.
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> On Mon, Jul 21, 2014 at 1:33 PM, Puneet Gupta <
>> >>>>>>>>>> [email protected]>
>> >>>>>>>>>> wrote:
>> >>>>>>>>>>
>> >>>>>>>>>> > Hi Colm,
>> >>>>>>>>>> >
>> >>>>>>>>>> > Thanks for investing time in this. My problem is I need to
>> >>>>>>>>>> define security
>> >>>>>>>>>> > at server end. I do have ws-policy.xml but that file does not
>> >>>>>>>>>> have set of
>> >>>>>>>>>> > properties that can define WSS4J configuration. Can you
>> please
>> >>>>>>>>>> help me
>> >>>>>>>>>> > identify how I can define WSS4J related properties on server
>> >>>>>>>>>> side.
>> >>>>>>>>>> > Following your suggestions I have tried putting mentioned
>> >>>>>>>>>> properties in
>> >>>>>>>>>> > cxf-servlet.xml in below mentioned way (keeping ws-policy.xml
>> >>>>>>>>>> same as
>> >>>>>>>>>> > before):
>> >>>>>>>>>> >
>> >>>>>>>>>> > <jaxws:endpoint address="/WSService">
>> >>>>>>>>>> > <jaxws:implementor>
>> >>>>>>>>>> > <bean id="WSService"
>> >>>>>>>>>> > class="com.test.webservice.WSService" />
>> >>>>>>>>>> > </jaxws:implementor>
>> >>>>>>>>>> > <jaxws:inInterceptors>
>> >>>>>>>>>> > <bean class="com.test.webservice.AuthHandler"/>
>> >>>>>>>>>> > </jaxws:inInterceptors>
>> >>>>>>>>>> > <jaxws:outInterceptors>
>> >>>>>>>>>> > <bean class="com.test.webservice.LogHandler"/>
>> >>>>>>>>>> > </jaxws:outInterceptors>
>> >>>>>>>>>> > <jaxws:properties>
>> >>>>>>>>>> > <entry key="ws-security.callback-handler"
>> >>>>>>>>>> > value="com.test.webservice.PWCBHandler" />
>> >>>>>>>>>> > <entry key="ws-security.encryption.properties"
>> >>>>>>>>>> value="service.properties"
>> >>>>>>>>>> > />
>> >>>>>>>>>> > <entry key="ws-security.encryption.username"
>> value="service" />
>> >>>>>>>>>> > <entry key="ws-security.signature.properties"
>> >>>>>>>>>> value="service.properties" />
>> >>>>>>>>>> > <entry key="ws-security.signature.username" value="service"
>> />
>> >>>>>>>>>> > *<entry
>> >>>>>>>>>> key="ws-security.is-bsp-compliant"
>> >>>>>>>>>> > value="false" />*
>> >>>>>>>>>> > </jaxws:properties>
>> >>>>>>>>>> > </jaxws:endpoint>
>> >>>>>>>>>> >
>> >>>>>>>>>> > But doing these changes still I am facing the same problem.
>> >>>>>>>>>> Also if I am
>> >>>>>>>>>> > not putting highlighted property in cxf-servlet.xml then I am
>> >>>>>>>>>> facing below
>> >>>>>>>>>> > mentioned issue
>> >>>>>>>>>> >
>> >>>>>>>>>> > *Caused by: org.apache.ws.security.WSSecurityException: An
>> >>>>>>>>>> invalid
>> >>>>>>>>>> > security token was provided (Bad ValueType
>> >>>>>>>>>> > "
>> >>>>>>>>>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> >>>>>>>>>> > <
>> >>>>>>>>>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
>> >>>>>>>>>> >")*
>> >>>>>>>>>> > * at
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:70)*
>> >>>>>>>>>> > * at
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> org.apache.ws.security.str.EncryptedKeySTRParser.parseSecurityTokenReference(EncryptedKeySTRParser.java:117)*
>> >>>>>>>>>> > * at
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:297)*
>> >>>>>>>>>> > * at
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:114)*
>> >>>>>>>>>> > * at
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)*
>> >>>>>>>>>> > * at
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)*
>> >>>>>>>>>> > * at
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)*
>> >>>>>>>>>> >
>> >>>>>>>>>> > Just want to confirm why we need to put this property in
>> >>>>>>>>>> cxf-servlet.xml.
>> >>>>>>>>>> > Is this the best approach or there is something I am missing.
>> >>>>>>>>>> >
>> >>>>>>>>>> > Thanks again for your time. Looking forward for your
>> response.
>> >>>>>>>>>> >
>> >>>>>>>>>> > Thanks, Puneet,
>> >>>>>>>>>> >
>> >>>>>>>>>> >
>> >>>>>>>>>> > On Mon, Jul 21, 2014 at 3:19 PM, Colm O hEigeartaigh <
>> >>>>>>>>>> [email protected]>
>> >>>>>>>>>> > wrote:
>> >>>>>>>>>> >
>> >>>>>>>>>> >> Hi,
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> You are mixing up the two different ways of configuring
>> >>>>>>>>>> WS-Security in
>> >>>>>>>>>> >> CXF.
>> >>>>>>>>>> >> The "action" based approach involves defining
>> >>>>>>>>>> WSS4JOutInterceptor +
>> >>>>>>>>>> >> WSS4JInInterceptors + explicitly adding them to the
>> >>>>>>>>>> interceptor chain.
>> >>>>>>>>>> >> However, when you have a security policy, you don't need to
>> do
>> >>>>>>>>>> any of this
>> >>>>>>>>>> >> as CXF will take care of configuring WSS4J for you. In this
>> >>>>>>>>>> case, you just
>> >>>>>>>>>> >> need to define some JAX-WS properties (keystores etc.). For
>> >>>>>>>>>> example, see
>> >>>>>>>>>> >> the following test configuration:
>> >>>>>>>>>> >>
>> >>>>>>>>>> >>
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml;hb=refs/heads/2.7.x-fixes
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> e.g.
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> <jaxws:client name="{
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignEncryptPort
>> >>>>>>>>>> >> "
>> >>>>>>>>>> >> createdFromAPI="true">
>> >>>>>>>>>> >> <jaxws:properties>
>> >>>>>>>>>> >> <entry key="ws-security.callback-handler"
>> >>>>>>>>>> >>
>> >>>>>>>>>> >>
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
>> >>>>>>>>>> >> <entry key="ws-security.encryption.properties"
>> >>>>>>>>>> >> value="bob.properties"/>
>> >>>>>>>>>> >> <entry key="ws-security.encryption.username"
>> >>>>>>>>>> value="bob"/>
>> >>>>>>>>>> >> <entry key="ws-security.signature.properties"
>> >>>>>>>>>> >> value="alice.properties"/>
>> >>>>>>>>>> >> <entry key="ws-security.signature.username"
>> >>>>>>>>>> value="alice"/>
>> >>>>>>>>>> >> </jaxws:properties>
>> >>>>>>>>>> >> </jaxws:client>
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> Colm.
>> >>>>>>>>>> >>
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> On Sat, Jul 19, 2014 at 4:38 PM, Puneet Gupta <
>> >>>>>>>>>> >> [email protected]>
>> >>>>>>>>>> >> wrote:
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> > Hi All,
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > I am migrating from Axis2 Web Services to Apache CXF. In
>> >>>>>>>>>> axis2, I had
>> >>>>>>>>>> >> > configured security using Rampart and I have configured it
>> >>>>>>>>>> using
>> >>>>>>>>>> >> following
>> >>>>>>>>>> >> > policy settings:
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > *<wsp:Policy wsu:Id="SigEncr"*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> > xmlns:wsu="
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> >>>>>>>>>> >> > <
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> >>>>>>>>>> >> > >"*
>> >>>>>>>>>> >> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">*
>> >>>>>>>>>> >> > * <wsp:ExactlyOne>*
>> >>>>>>>>>> >> > * <wsp:All>*
>> >>>>>>>>>> >> > * <sp:AsymmetricBinding*
>> >>>>>>>>>> >> > * xmlns:sp="
>> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:InitiatorToken>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:X509Token*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> > sp:IncludeToken="
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>> >>>>>>>>>> >> > <
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>> >>>>>>>>>> >> > >">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:RequireKeyIdentifierReference />*
>> >>>>>>>>>> >> > * <sp:WssX509V3Token10 />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:X509Token>*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:InitiatorToken>*
>> >>>>>>>>>> >> > * <sp:RecipientToken>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:X509Token*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> > sp:IncludeToken="
>> >>>>>>>>>> >> >
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never
>> >>>>>>>>>> >> > <
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never
>> >>>>>>>>>> >> > >">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:RequireKeyIdentifierReference />*
>> >>>>>>>>>> >> > * <sp:WssX509V3Token10 />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:X509Token>*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:RecipientToken>*
>> >>>>>>>>>> >> > * <sp:AlgorithmSuite>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:TripleDesRsa15 />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:AlgorithmSuite>*
>> >>>>>>>>>> >> > * <sp:Layout>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:Strict />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:Layout>*
>> >>>>>>>>>> >> > * <sp:IncludeTimestamp />*
>> >>>>>>>>>> >> > * <sp:OnlySignEntireHeadersAndBody />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:AsymmetricBinding>*
>> >>>>>>>>>> >> > * <sp:Wss10 xmlns:sp="
>> >>>>>>>>>> >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:MustSupportRefKeyIdentifier />*
>> >>>>>>>>>> >> > * <sp:MustSupportRefIssuerSerial />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:Wss10>*
>> >>>>>>>>>> >> > * <sp:SignedParts*
>> >>>>>>>>>> >> > * xmlns:sp="
>> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <sp:Body />*
>> >>>>>>>>>> >> > * </sp:SignedParts>*
>> >>>>>>>>>> >> > * <sp:EncryptedParts*
>> >>>>>>>>>> >> > * xmlns:sp="
>> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <sp:Body />*
>> >>>>>>>>>> >> > * </sp:EncryptedParts>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > * <ramp:RampartConfig xmlns:ramp="
>> >>>>>>>>>> http://ws.apache.org/rampart/policy
>> >>>>>>>>>> >> > <http://ws.apache.org/rampart/policy>">*
>> >>>>>>>>>> >> > * <ramp:user>service</ramp:user>*
>> >>>>>>>>>> >> > * <ramp:encryptionUser>client</ramp:encryptionUser>*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> <ramp:passwordCallbackClass>com.test.webservice.PWCBHandler</ramp:passwordCallbackClass>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > * <ramp:signatureCrypto>*
>> >>>>>>>>>> >> > * <ramp:crypto
>> >>>>>>>>>> >> provider="org.apache.ws.security.components.crypto.Merlin">*
>> >>>>>>>>>> >> > * <ramp:property*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>*
>> >>>>>>>>>> >> > * <ramp:property
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>*
>> >>>>>>>>>> >> > * <ramp:property*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>*
>> >>>>>>>>>> >> > * </ramp:crypto>*
>> >>>>>>>>>> >> > * </ramp:signatureCrypto>*
>> >>>>>>>>>> >> > * <ramp:encryptionCypto>*
>> >>>>>>>>>> >> > * <ramp:crypto
>> >>>>>>>>>> >> provider="org.apache.ws.security.components.crypto.Merlin">*
>> >>>>>>>>>> >> > * <ramp:property*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>*
>> >>>>>>>>>> >> > * <ramp:property
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>*
>> >>>>>>>>>> >> > * <ramp:property*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>*
>> >>>>>>>>>> >> > * </ramp:crypto>*
>> >>>>>>>>>> >> > * </ramp:encryptionCypto>*
>> >>>>>>>>>> >> > * </ramp:RampartConfig>*
>> >>>>>>>>>> >> > * </wsp:All>*
>> >>>>>>>>>> >> > * </wsp:ExactlyOne>*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > In Apache CXF, I am trying to configure the security
>> >>>>>>>>>> following below
>> >>>>>>>>>> >> steps:
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > 1. I have created as ws-policy.xml file and is placed
>> under
>> >>>>>>>>>> >> WEB-INF/classes
>> >>>>>>>>>> >> > folder. I am providing this policy file to service class
>> >>>>>>>>>> using @Policies
>> >>>>>>>>>> >> > annotation. Ex:
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > *@Policy(uri = "ws-policy.xml")*
>> >>>>>>>>>> >> > *@WebService(targetNamespace = "
>> http://webservice.test.com
>> >>>>>>>>>> >> > <http://webservice.test.com>", name =
>> "WSServicePortType")*
>> >>>>>>>>>> >> > *public class WSService {*
>> >>>>>>>>>> >> > *//Service method goes here.*
>> >>>>>>>>>> >> > *}*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > Contents of ws-policy.xml is as follows:
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > *<wsp:Policy*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> > xmlns:wsu="
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> >>>>>>>>>> >> > <
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> >>>>>>>>>> >> > >"*
>> >>>>>>>>>> >> > * xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2004/09/policy>">*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > * <sp:AsymmetricBinding*
>> >>>>>>>>>> >> > * xmlns:sp="
>> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:InitiatorToken>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:X509Token*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> > sp:IncludeToken="
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>> >>>>>>>>>> >> > <
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>> >>>>>>>>>> >> > >">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:RequireIssuerSerialReference />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:X509Token>*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:InitiatorToken>*
>> >>>>>>>>>> >> > * <sp:RecipientToken>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:X509Token*
>> >>>>>>>>>> >> > *
>> >>>>>>>>>> >> > sp:IncludeToken="
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>> >>>>>>>>>> >> > <
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>> >>>>>>>>>> >> > >">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:RequireIssuerSerialReference />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:X509Token>*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:RecipientToken>*
>> >>>>>>>>>> >> > * <sp:AlgorithmSuite>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:TripleDesRsa15 />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:AlgorithmSuite>*
>> >>>>>>>>>> >> > * <sp:Layout>*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:Strict />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:Layout>*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:AsymmetricBinding>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > * <sp:Wss10 xmlns:sp="
>> >>>>>>>>>> >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <wsp:Policy>*
>> >>>>>>>>>> >> > * <sp:MustSupportRefKeyIdentifier />*
>> >>>>>>>>>> >> > * <sp:MustSupportRefIssuerSerial />*
>> >>>>>>>>>> >> > * </wsp:Policy>*
>> >>>>>>>>>> >> > * </sp:Wss10>*
>> >>>>>>>>>> >> > * <sp:SignedParts
>> >>>>>>>>>> >> > xmlns:sp="
>> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <sp:Body />*
>> >>>>>>>>>> >> > * </sp:SignedParts>*
>> >>>>>>>>>> >> > * <sp:EncryptedParts*
>> >>>>>>>>>> >> > * xmlns:sp="
>> >>>>>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> >>>>>>>>>> >> > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>">*
>> >>>>>>>>>> >> > * <sp:Body />*
>> >>>>>>>>>> >> > * </sp:EncryptedParts>*
>> >>>>>>>>>> >> > *</wsp:Policy>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > 2. To configure WSS4J, I am using following snippet in
>> >>>>>>>>>> cxf-servlet.xml:
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > * <jaxws:endpoint address="/WSService">*
>> >>>>>>>>>> >> > * <jaxws:implementor>*
>> >>>>>>>>>> >> > * <bean id="WSService"*
>> >>>>>>>>>> >> > * class="com.test.webservice.WSService" />*
>> >>>>>>>>>> >> > * </jaxws:implementor>*
>> >>>>>>>>>> >> > * <jaxws:inInterceptors>*
>> >>>>>>>>>> >> > * <ref bean="wss4jInConfiguration" />*
>> >>>>>>>>>> >> > * <bean class="com.test.webservice.AuthHandler">*
>> >>>>>>>>>> >> > * </bean>*
>> >>>>>>>>>> >> > * </jaxws:inInterceptors>*
>> >>>>>>>>>> >> > * <jaxws:outInterceptors>*
>> >>>>>>>>>> >> > * <ref bean="wss4jOutConfiguration" />*
>> >>>>>>>>>> >> > * <bean class="com.test.webservice.LogHandler">*
>> >>>>>>>>>> >> > * </bean>*
>> >>>>>>>>>> >> > * </jaxws:outInterceptors>*
>> >>>>>>>>>> >> > * <jaxws:properties>*
>> >>>>>>>>>> >> > * <entry key="ws-security.is-bsp-compliant" value="false"
>> />*
>> >>>>>>>>>> >> > * </jaxws:properties>*
>> >>>>>>>>>> >> > * </jaxws:endpoint>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > * <bean id="wss4jInConfiguration"
>> >>>>>>>>>> >> >
>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">*
>> >>>>>>>>>> >> > * <constructor-arg>*
>> >>>>>>>>>> >> > * <map>*
>> >>>>>>>>>> >> > * <entry key="action" value="Signature Encrypt Timestamp"
>> />*
>> >>>>>>>>>> >> > * <entry key="signaturePropFile"
>> value="service.properties"
>> >>>>>>>>>> />*
>> >>>>>>>>>> >> > * <entry key="decryptionPropFile"
>> value="service.properties"
>> >>>>>>>>>> />*
>> >>>>>>>>>> >> > * <entry key="encryptionPropFile"
>> value="service.properties"
>> >>>>>>>>>> />*
>> >>>>>>>>>> >> > * <entry key="passwordCallbackClass"
>> >>>>>>>>>> >> > value="com.test.webservice.PWCBHandler" />*
>> >>>>>>>>>> >> > * </map>*
>> >>>>>>>>>> >> > * </constructor-arg>*
>> >>>>>>>>>> >> > * </bean>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > * <bean id="wss4jOutConfiguration"
>> >>>>>>>>>> >> >
>> >>>>>>>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">*
>> >>>>>>>>>> >> > * <constructor-arg>*
>> >>>>>>>>>> >> > * <map>*
>> >>>>>>>>>> >> > * <entry key="action" value="Timestamp Signature Encrypt"
>> />*
>> >>>>>>>>>> >> > * <entry key="passwordCallbackClass"
>> >>>>>>>>>> >> > value="com.test.webservice.PWCBHandler" />*
>> >>>>>>>>>> >> > * <entry key="signaturePropFile"
>> value="service.properties"
>> >>>>>>>>>> />*
>> >>>>>>>>>> >> > * <entry key="encryptionPropFile"
>> value="service.properties"
>> >>>>>>>>>> />*
>> >>>>>>>>>> >> > * <entry key="decryptionPropFile"
>> value="service.properties"
>> >>>>>>>>>> />*
>> >>>>>>>>>> >> > * </map>*
>> >>>>>>>>>> >> > * </constructor-arg>*
>> >>>>>>>>>> >> > * </bean>*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > service.properties is also present in WEB-INF/classes
>> >>>>>>>>>> folder. Its
>> >>>>>>>>>> >> content
>> >>>>>>>>>> >> > are as below:
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> *org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin*
>> >>>>>>>>>> >> > *org.apache.ws.security.crypto.merlin.keystore.type=jks*
>> >>>>>>>>>> >> >
>> >>>>>>>>>>
>> *org.apache.ws.security.crypto.merlin.keystore.password=password*
>> >>>>>>>>>> >> > *org.apache.ws.security.crypto.merlin.file=service.jks*
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > Using above configuration I am getting below mentioned
>> >>>>>>>>>> exception when I
>> >>>>>>>>>> >> am
>> >>>>>>>>>> >> > trying to access web service through client which is
>> >>>>>>>>>> configured using
>> >>>>>>>>>> >> same
>> >>>>>>>>>> >> > security setting which I used while I was in axis2:
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > 20:49:21,744 WARN [ws.security.wss4j.WSS4JInInterceptor
>> >>>>>>>>>> ]
>> >>>>>>>>>> >> -
>> >>>>>>>>>> >> > org.apache.ws.security.WSSecurityException: The signature
>> or
>> >>>>>>>>>> decryption
>> >>>>>>>>>> >> was
>> >>>>>>>>>> >> > invalid
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>> >>>>>>>>>> >> > at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
>> >>>>>>>>>> Source)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
>> Source)
>> >>>>>>>>>> >> > at java.lang.Thread.run(Unknown Source)
>> >>>>>>>>>> >> > 20:49:21,745 WARN [apache.cxf.phase.PhaseInterceptorChain
>> >>>>>>>>>> ]
>> >>>>>>>>>> >> -
>> >>>>>>>>>> >> > Interceptor for {http://webservice.test.com
>> >>>>>>>>>> >> > }WSAmandaSecurityServiceService#{
>> >>>>>>>>>> >> > http://webservice.test.com}authenticateUser has thrown
>> >>>>>>>>>> exception,
>> >>>>>>>>>> >> > unwinding
>> >>>>>>>>>> >> > now
>> >>>>>>>>>> >> > org.apache.cxf.binding.soap.SoapFault: The signature or
>> >>>>>>>>>> decryption was
>> >>>>>>>>>> >> > invalid
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:850)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>> >>>>>>>>>> >> > at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
>> >>>>>>>>>> Source)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
>> Source)
>> >>>>>>>>>> >> > at java.lang.Thread.run(Unknown Source)
>> >>>>>>>>>> >> > Caused by: org.apache.ws.security.WSSecurityException: The
>> >>>>>>>>>> signature or
>> >>>>>>>>>> >> > decryption was invalid
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>> >>>>>>>>>> >> > at
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>>
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
>> >>>>>>>>>> >> > ... 28 test
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > Can anyone help me identify if I am missing anything while
>> >>>>>>>>>> configuring
>> >>>>>>>>>> >> > WSS4J in apache cxf, so that I can use same client to
>> access
>> >>>>>>>>>> cxf web
>> >>>>>>>>>> >> > service?
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > Thanks for your time and help.
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >> > Regards, Puneet.
>> >>>>>>>>>> >> >
>> >>>>>>>>>> >>
>> >>>>>>>>>> >>
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> --
>> >>>>>>>>>> >> Colm O hEigeartaigh
>> >>>>>>>>>> >>
>> >>>>>>>>>> >> Talend Community Coder
>> >>>>>>>>>> >> http://coders.talend.com
>> >>>>>>>>>> >>
>> >>>>>>>>>> >
>> >>>>>>>>>> >
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> --
>> >>>>>>>>>> Colm O hEigeartaigh
>> >>>>>>>>>>
>> >>>>>>>>>> Talend Community Coder
>> >>>>>>>>>> http://coders.talend.com
>> >>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> Colm O hEigeartaigh
>> >>>>>>
>> >>>>>> Talend Community Coder
>> >>>>>> http://coders.talend.com
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>
>> >>>
>> >>
>> >>
>> >> --
>> >> Colm O hEigeartaigh
>> >>
>> >> Talend Community Coder
>> >> http://coders.talend.com
>> >>
>> >
>> >
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
