Hi Martin,
Thanks for your response. Yes I did, this is the code:
Client client =
ClientProxy.getClient(certificateServices.getCertificateServicesSoap());
Endpoint endpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<>();
outProps.put(WSHandlerConstants.ACTION, "Signature");
outProps.put(WSHandlerConstants.USER, "alias");
outProps.put(WSHandlerConstants.PW_CALLBACK_REF, new
ClientPasswordCallback());
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties");
WSS4JOutInterceptor wss4JOutInterceptor = new WSS4JOutInterceptor(outProps);
endpoint.getOutInterceptors().add(wss4JOutInterceptor);
InitiateInvite initiateInvite =
webservicesObjectFactory.createInitiateInvite();
initiateInvite.setEncoding(ContentEncoding.UTF_16);
initiateInvite.setVersion(APIVersion.V_2_0);
initiateInvite.setSignedInitiateInviteRequest(Base64.encodeBase64String(baos.toByteArray()));
InitiateInviteResponse initiateInviteResponse =
certificateServices.getCertificateServicesSoap().initiateInvite(initiateInvite);
System.out.println("initiateInviteResponse = " +
initiateInviteResponse.getInitiateInviteResponse().getMessage());
ClientPasswordCallback is never called
--
Met vriendelijke groet,
Jeroen Breedveld
mobiel: +31 6 81621309 | [email protected] |
http://oorsprongsdocumenten.nl | https://nl.linkedin.com/in/jeroenbreedveld
Op al onze aanbiedingen en overeenkomsten zijn de Nederland ICT Voorwaarden
2014 van toepassing, gedeponeerd bij de Kamer van Koophandel
Midden-Nederland onder nummer 30174840. Deze voorwaarden treft u hierbij
aan. Op verzoek sturen wij u deze nogmaals kosteloos toe.
On Thu, Oct 20, 2016 at 2:26 PM, Martin Fernau <[email protected]>
wrote:
> Have you registered the WSS4JOutInterceptor to the OutInterceptors of you
> cxfEndpoint?
>
> --cut
> Map<String,Object> outProps = new HashMap<String,Object>();
> // activate signing of outgoing messages
> outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
> // the alias name in the keystore to get user's certificate and key
> outProps.put(WSHandlerConstants.USER, LocalKeyStoreAlias);
> // BinarySecurityToken
> // outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> // Callback Class
> outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ClientPasswordCallback.class.getName());
>
> // Signing parameters
> Properties sigProps = new Properties();
> // Merlin Class
> sigProps.put("org.apache.ws.security.crypto.provider",
> MyMerlin.class.getName());
>
> outProps.put("cryptoProperties", sigProps);
> outProps.put(WSHandlerConstants.SIG_PROP_REF_ID, "cryptoProperties");
>
> // Add WSS4JOutInterceptor to the endpoint
> Client client = ClientProxy.getClient(port);
> Endpoint cxfEndpoint = client.getEndpoint();
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> cxfEndpoint.getOutInterceptors().add(wssOut);
> --cut
>
> Am 20.10.2016 um 13:33 schrieb Jeroen Breedveld:
>
>> Hi all,
>>
>> Using Apache CXF I've created Java code to access a SOAP service described
>> by a wsdl.
>>
>> I can now work the service with a couple of lines of code:
>>
>>
>> *InitiateInvite initiateInvite =
>> webservicesObjectFactory.createInitiateInvite();*
>> *InitiateInviteResponse initiateInviteResponse =
>> certificateServices.getCertificateServicesSoap().initiateInv
>> ite(initiateInvite);*
>>
>>
>>
>> But the SOAP service expects the payload to be signed. I followed the
>> instructions here http://cxf.apache.org/docs/ws-security.html and now
>> have
>> a Client with the correct interceptors registered
>> on the endpoints but the payload is still not signed. The CallbackHandler
>> for the password is also not called.
>>
>> How do I combine the client with the generated code to make Apache CXF
>> sign
>> the SOAP payload?
>>
>> Thanks for any help and regards,
>>
>> Jeroen
>>
>>
>>
>>
>>
>
