Problem solved. I found a discussion here on a similar problem: http://cxf.547215.n5.nabble.com/WS-Security-Properties-Reference-td5505704.html. For anyone who is interested, "SignaturePropRefId" was used in WSS4J 1.5, but was changed to "signaturePropRefId" in WSS4J 1.6.
Thanx, Stephen W. Chappell -----Original Message----- From: Chappell, Stephen CTR (FAA) Sent: Tuesday, September 23, 2014 2:04 PM To: [email protected] Subject: RE: Help loading signature properties Thanx, Glen. I think the dependencies are there. There are several layers of pom file to decode, but the pom file building this bit has this: <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-security</artifactId> <version>${cxf-version}</version> <scope>test</scope> </dependency> And it's parent pom file has this: <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring-version}</version> <scope>test</scope> </dependency> So I think I'm covered dependency-wise. I've specified Spring 3.1.0, because I was having issues with ehCache that seemed to warrant it. Stephen W. Chappell -----Original Message----- From: Glen Mazza [mailto:[email protected]] Sent: Tuesday, September 23, 2014 1:53 PM To: [email protected] Subject: Re: Help loading signature properties Did you add the required Spring dependencies (necessary to read your Spring config) to your code as part of the upgrade? CXF 2.3 automatically included dependencies that later versions do not. http://web-gmazza.rhcloud.com/blog/entry/cxf-usernametoken-profile#UTCXF2 Glen On 09/23/2014 01:48 PM, [email protected] wrote: > I'm working on migrating some legacy code I've been stuck with from CXF > 2.3/WSS4J 1.5 up to CXF 2.7/WSS4J 1.6, and I'm having some troubles. The > latest issue is something that I'm sure is obvious and I'm just not seeing > ... I am getting this exception when I run one of my tests: > > org.apache.cxf.binding.soap.SoapFault: Security processing failed. > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280) > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141) > .... > Caused by: org.apache.ws.security.WSSecurityException: Error during Signature: > at > org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122) > at > org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232) > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52) > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265) > ... 47 more > Caused by: org.apache.ws.security.WSSecurityException: General security error > (WSSecurityEngine: No crypto property file supplied to verify signature) > at > org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:789) > at > org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:169) > at > org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:71) > ... 50 more > > I've shortened the stack trace a bit but that should be the most important > parts. Now the exception itself I think is clear - there's a problem with the > crypto properties. It's the exact problem that eludes me. In my Spring > configuration, the original developers referenced a Crypto bean rather than > using an external file. This is the bean configuration: > > <bean id="wss4jOutInterceptor" > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="Timestamp Signature" /> > <entry key="user" value="test-user (test ca 1)" /> > <entry key="timeToLive" value="60" /> > <entry key="signatureUser" value="test-user (test ca 1)" /> > <entry key="signatureKeyIdentifier" value="DirectReference" /> > <entry key="SignaturePropRefId" value="signatureProperties" /> > <entry key="signatureProperties" value-ref="cryptoProperties" /> > <entry key="signatureParts" > value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; > {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"; > /> > <entry key="signatureAlgorithm" > value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> > <entry key="signatureDigestAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#sha256"/> > <entry key="passwordCallbackRef" value-ref="pwCallback" /> > </map> > </constructor-arg> > </bean> > > <bean id="wss4jInInterceptor" > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="Signature Timestamp Encrypt" /> > <entry key="SignaturePropRefId" value="cryptoProperties" /> > <entry key="decryptionPropRefId" value="cryptoProperties" /> > <entry key="cryptoProperties" value-ref="cryptoProperties" /> > <entry key="passwordCallbackRef" value-ref="pwCallback" /> > </map> > </constructor-arg> > </bean> > > <util:properties id="cryptoProperties"> > <prop > key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop> > <prop > key="org.apache.ws.security.crypto.merlin.keystore.file">test-user.jks</prop> > <prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop> > <prop > key="org.apache.ws.security.crypto.merlin.keystore.provider"></prop> --> > <prop > key="org.apache.ws.security.crypto.merlin.keystore.password">xxxxx</prop> > <prop > key="org.apache.ws.security.crypto.merlin.load.cacerts">false</prop> > </util:properties> > > Does anyone have any ideas on what may be off here? Thanx, > > Stephen W. Chappell >
