I think you need to be looking in the wss4j out interceptor.

We use WS policy based cxf clients and it all just works. If your wsdl
includes the policies, it might be good to give that a go.

Lots of samples in the systests and also on my github project too.
On 15/10/2014 12:12 AM, "Chris" <[email protected]> wrote:

> I have not yet been able to build a simple test case, but it seems clear that
> the <sp13:Created /> and <sp13:Nonce /> elements are ignored in the client
> code. As I mentioned in a previous message
> <http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749800.html>
> these are being read correctly by the
>
>  AssertionInfoMap aim = message.get(AssertionInfoMap.class);
>
> at the beginning of
>   protected UsernameToken assertTokens(SoapMessage message, String localname, boolean signed)
>
> in org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor
>
> but not being returned in the token produced by that method.
>
> Meanwhile I came up with a "fix" by modifying the UsernameTokenInterceptor:
>
>     protected void addToken(SoapMessage message) {
>         UsernameToken tok = assertTokens(message);
>
>         Header h = findSecurityHeader(message, true);
>         WSSecUsernameToken utBuilder =
>             addUsernameToken(message, tok);
>         if (utBuilder == null) {
>             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
>             Collection<AssertionInfo> ais =
>                 getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
>             for (AssertionInfo ai : ais) {
>                 if (ai.isAsserted()) {
>                     ai.setAsserted(false);
>                 }
>             }
>             return;
>         }
>
>         //***************************
>         // Beginning of Modification
>         //***************************
>         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
>         boolean haveNonce = false;
>         boolean haveCreated = false;
>
>         Collection<AssertionInfo> nonces =
>             aim.getAssertionInfo(SP13Constants.NONCE);
>         for(AssertionInfo nonce: nonces) {
>                 if (nonce.isAsserted()) {
>                         haveNonce = true;
>                 }
>
>         }
>
>         Collection<AssertionInfo> createds =
>             aim.getAssertionInfo(SP13Constants.CREATED);
>         for(AssertionInfo created: createds) {
>                 if(created.isAsserted()) {
>                         haveCreated = true;
>                 }
>         }
>
>         if (haveCreated) {
>                 utBuilder.addCreated();
>         }
>
>         if (haveNonce) {
>                 utBuilder.addNonce();
>         }
>
>         //***************************
>         // End of modification
>         //***************************
>
>         Element el = (Element)h.getObject();
>         utBuilder.prepare(el.getOwnerDocument());
>         el.appendChild(utBuilder.getUsernameTokenElement());
>     }
>
>
>
> So I thought "all well and good" and then tried the username token with
> message protection only to find that it uses a totally different class to
> generate the embedded username token, and the changed code is not called! As
> soon as I set the server to "created time and nonce required" it fails! This
> also appears to be much more complex processing so finding where to fix the
> code is a little difficult.
>
> BTW I know that my "fix" is probably not the right way to do it, fixing the
> underlying code to produce the correct values in the token, then passing
> that through to the builder looked like much too much work within our
> timescales.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749873.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>

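An added example, not part of the thread and not CXF or WSS4J code: a JDK-only check that a serialized SOAP request carries the Nonce and Created children that the sp13 policy asks for, which can be pointed at the output of either token-generating code path. The class name, method name and sample messages are constructed for illustration, and it assumes you can obtain the message as plaintext XML (that is, before any encryption is applied).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class UsernameTokenCheck {
    // OASIS WS-Security 1.0 namespaces for wsse: and wsu:
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** Returns the names of the elements that are missing, or "" if nothing is missing. */
    static String missing(String soapXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Captured messages are untrusted input: refuse DOCTYPEs so XXE is not possible.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)));
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "UsernameToken");
        if (tokens.getLength() == 0) {
            return "UsernameToken";
        }
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < tokens.getLength(); i++) {
            Element ut = (Element) tokens.item(i);
            if (ut.getElementsByTagNameNS(WSSE, "Nonce").getLength() == 0) out.append("Nonce ");
            if (ut.getElementsByTagNameNS(WSU, "Created").getLength() == 0) out.append("Created ");
        }
        return out.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not captured from a real service.
        String head = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'><s:Header><wsse:Security>"
            + "<wsse:UsernameToken><wsse:Username>alice</wsse:Username>";
        String tail = "</wsse:UsernameToken></wsse:Security></s:Header><s:Body/></s:Envelope>";
        String bare = head + tail;
        String full = head + "<wsse:Nonce>Y29uc3RydWN0ZWQ=</wsse:Nonce>"
            + "<wsu:Created>2014-10-15T00:12:00Z</wsu:Created>" + tail;
        System.out.println("bare: missing [" + missing(bare) + "]");
        System.out.println("full: missing [" + missing(full) + "]");
    }
}
```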