If it's a CXF service then turn on debug logging to figure out why it is rejecting the message.
Colm. On Wed, Oct 26, 2016 at 3:29 PM, Martin Fernau <[email protected]> wrote: > Thanks a lot. > It turns out that I already implemented it this way but simply did a > mistake for the namespace. > After correction the outgoing XML seems to be correct. > Nonetheless the request is rejected with "An error occurred when verifying > security for the message." > > Thanks > Martin > > Am 24.10.2016 um 13:21 schrieb Colm O hEigeartaigh: > >> Yes it's possible to add headers and sign and encrypt them. There is a >> test >> which demonstrates how to do this for encryption, although Signature works >> as well: >> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s >> ystests/ws-security/src/test/java/org/apache/cxf/systest/ws/ >> x509/X509TokenTest.java;h=55b8298aa93bed4622c3f2f283a04b8294 >> 725aad;hb=HEAD >> >> See "testKeyIdentifier2". The header is added with: >> >> List<Header> headers = new ArrayList<Header>(); >> Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"), >> "dummy-header", >> new >> JAXBDataBinding(String.class)); >> headers.add(dummyHeader); >> ((BindingProvider)x509Port).getRequestContext().put(Header.HEADER_LIST, >> headers); >> >> The WSDL is here. You can see that the header is added to the encryption >> parts for the "DoubleIt2" operation: >> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s >> ystests/ws-security/src/test/resources/org/apache/cxf/systes >> t/ws/x509/DoubleItOperations.wsdl;h=836f02e0c4c7ae851f4f475 >> ca84a17724dbf2236;hb=HEAD >> >> On Mon, Oct 24, 2016 at 10:19 AM, Martin Fernau < >> [email protected] >> >>> wrote: >>> No one? >>> >>> Is it not possible with CXF or is it an unusual demand? >>> I need to consume this webservice. If its not possible with CXF I need to >>> find another way but I'd like to stick with CXF. >>> >>> Thanks >>> Martin >>> >>> >>> Am 20.10.2016 um 10:00 schrieb Martin Fernau: >>> >>> Hi, >>>> >>>> is it possible to call a webservice with the following ws-security >>>> content: >>>> --cut >>>> <wsp:Policy wsu:Id="CustomBinding_IService >>>> Customer_InsertCustomer_Input_policy"> >>>> <wsp:ExactlyOne> >>>> <wsp:All> >>>> <sp:SignedParts xmlns:sp="http://schemas.xmlso >>>> ap.org/ws/2005/07/securitypolicy"> >>>> <sp:Body/> >>>> <sp:Header Name="FfeHeader" Namespace=" >>>> http://tempuri.org/"/> >>>> <sp:Header Name="To" Namespace=" >>>> http://www.w3.org/2 >>>> 005/08/addressing"/> >>>> <sp:Header Name="From" Namespace=" >>>> http://www.w3.org/2 >>>> 005/08/addressing"/> >>>> <sp:Header Name="FaultTo" Namespace=" >>>> http://www.w3.org/2005/08/addressing"/> >>>> <sp:Header Name="ReplyTo" Namespace=" >>>> http://www.w3.org/2005/08/addressing"/> >>>> <sp:Header Name="MessageID" Namespace=" >>>> http://www.w3.org/2005/08/addressing"/> >>>> <sp:Header Name="RelatesTo" Namespace=" >>>> http://www.w3.org/2005/08/addressing"/> >>>> <sp:Header Name="Action" Namespace=" >>>> http://www.w3.org/2005/08/addressing"/> >>>> </sp:SignedParts> >>>> <sp:EncryptedParts xmlns:sp="http://schemas.xmlso >>>> ap.org/ws/2005/07/securitypolicy"> >>>> <sp:Body/> >>>> <sp:Header Name="FfeHeader" Namespace=" >>>> http://tempuri.org/"/> >>>> </sp:EncryptedParts> >>>> </wsp:All> >>>> </wsp:ExactlyOne> >>>> </wsp:Policy> >>>> --cut >>>> >>>> The problematic part is the "FfeHeader" which needs to be encrypted and >>>> signed. >>>> All the other parts are working (as far as I can tell). >>>> If I use wsdl2java a class file for the FfeHeader-Type is generated but >>>> I >>>> can find a way how to add it to my request. Thus the resulting request >>>> contains no such header and therefore the server fails to understand my >>>> request: >>>> --cut >>>> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object >>>> reference not set to an instance of an object. >>>> --cut >>>> >>>> I only know the following way to add a custom header to my request: >>>> --cut >>>> ObjectFactory of = new ObjectFactory(); >>>> List<Header> headersList = new ArrayList<Header>(); >>>> // HeaderType is the generated class for FfeHeader >>>> HeaderType type = of.createHeaderType(); >>>> // call several setters on 'type' >>>> [...] >>>> >>>> Header ffeHeader = new Header(new QName("http://tempuri.org";, >>>> "FfeHeader"), type, new JAXBDataBinding(HeaderType.class)); >>>> headersList.add(ffeHeader); >>>> client.getRequestContext().put(Header.HEADER_LIST, headersList); >>>> --cut >>>> But this way the FfeHeader is neither signed nor encrypted and the call >>>> fails with exact the same error message. >>>> >>>> I would appreciate any kind of help. >>>> >>>> Thanks >>>> Martin >>>> >>>> >>> >>> >> >> > -- > FERNAUSOFT GmbH > Gartenstraße 42 - 37269 Eschwege > > Telefon (0 56 51) 95 99-0 > Telefax (0 56 51) 95 99-90 > > eMail [email protected] > Internet http://www.fernausoft.de > > Handelsregister Eschwege, HRB 1585 > Geschäftsführer: Axel Fernau, Ulrich Fernau, Martin Fernau > Steuernummer 025 233 00041 > USt-ID-Nr. DE 178 554 622 > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
