Re: ws-policy/ws-security and a encrypted header part

Mon, 24 Oct 2016 02:20:22 -0700 

No one?

Is it not possible with CXF or is it an unusual demand?
I need to consume this webservice. If its not possible with CXF I need to find another way but I'd like to stick with CXF. 

Thanks
Martin

Am 20.10.2016 um 10:00 schrieb Martin Fernau:

Hi,


is it possible to call a webservice with the following ws-security 
content:

--cut

    <wsp:Policy 
wsu:Id="CustomBinding_IServiceCustomer_InsertCustomer_Input_policy">

        <wsp:ExactlyOne>
            <wsp:All>

                <sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>

                    <sp:Body/>

                    <sp:Header Name="FfeHeader" 
Namespace="http://tempuri.org/"/>
                    <sp:Header Name="To" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="From" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="FaultTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="ReplyTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="MessageID" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="RelatesTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="Action" 
Namespace="http://www.w3.org/2005/08/addressing"/>

                </sp:SignedParts>

                <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>

                    <sp:Body/>

                    <sp:Header Name="FfeHeader" 
Namespace="http://tempuri.org/"/>

                </sp:EncryptedParts>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
--cut


The problematic part is the "FfeHeader" which needs to be encrypted 
and signed.

All the other parts are working (as far as I can tell).

If I use wsdl2java a class file for the FfeHeader-Type is generated 
but I can find a way how to add it to my request. Thus the resulting 
request contains no such header and therefore the server fails to 
understand my request:

--cut

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: 
Object reference not set to an instance of an object.

--cut

I only know the following way to add a custom header to my request:
--cut
ObjectFactory of = new ObjectFactory();
List<Header> headersList = new ArrayList<Header>();
// HeaderType is the generated class for FfeHeader
HeaderType type = of.createHeaderType();
// call several setters on 'type'
[...]


Header ffeHeader = new Header(new QName("http://tempuri.org";, 
"FfeHeader"), type, new JAXBDataBinding(HeaderType.class));

headersList.add(ffeHeader);
client.getRequestContext().put(Header.HEADER_LIST, headersList);
--cut

But this way the FfeHeader is neither signed nor encrypted and the 
call fails with exact the same error message.


I would appreciate any kind of help.

Thanks
Martin



 






















					Reply via email to