Unfortunately I'm not the developer of this service and afaik it's an
IIS Server with .NET stuff behind the scene.
But I'm in touch with the developer (more or less...).
I've another problem with exact the same service but different method.
This method does not require the additional encrypted header and accepts
my request. Thus, for my above problem I think there is something wrong
with the header.
But for my second problem I'm going to create a new topic.
Martin
Am 26.10.2016 um 16:31 schrieb Colm O hEigeartaigh:
If it's a CXF service then turn on debug logging to figure out why it is
rejecting the message.
Colm.
On Wed, Oct 26, 2016 at 3:29 PM, Martin Fernau <[email protected]>
wrote:
Thanks a lot.
It turns out that I already implemented it this way but simply did a
mistake for the namespace.
After correction the outgoing XML seems to be correct.
Nonetheless the request is rejected with "An error occurred when verifying
security for the message."
Thanks
Martin
Am 24.10.2016 um 13:21 schrieb Colm O hEigeartaigh:
Yes it's possible to add headers and sign and encrypt them. There is a
test
which demonstrates how to do this for encryption, although Signature works
as well:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s
ystests/ws-security/src/test/java/org/apache/cxf/systest/ws/
x509/X509TokenTest.java;h=55b8298aa93bed4622c3f2f283a04b8294
725aad;hb=HEAD
See "testKeyIdentifier2". The header is added with:
List<Header> headers = new ArrayList<Header>();
Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"),
"dummy-header",
new
JAXBDataBinding(String.class));
headers.add(dummyHeader);
((BindingProvider)x509Port).getRequestContext().put(Header.HEADER_LIST,
headers);
The WSDL is here. You can see that the header is added to the encryption
parts for the "DoubleIt2" operation:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=s
ystests/ws-security/src/test/resources/org/apache/cxf/systes
t/ws/x509/DoubleItOperations.wsdl;h=836f02e0c4c7ae851f4f475
ca84a17724dbf2236;hb=HEAD
On Mon, Oct 24, 2016 at 10:19 AM, Martin Fernau <
[email protected]
wrote:
No one?
Is it not possible with CXF or is it an unusual demand?
I need to consume this webservice. If its not possible with CXF I need to
find another way but I'd like to stick with CXF.
Thanks
Martin
Am 20.10.2016 um 10:00 schrieb Martin Fernau:
Hi,
is it possible to call a webservice with the following ws-security
content:
--cut
<wsp:Policy wsu:Id="CustomBinding_IService
Customer_InsertCustomer_Input_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts xmlns:sp="http://schemas.xmlso
ap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="FfeHeader" Namespace="
http://tempuri.org/"/>
<sp:Header Name="To" Namespace="
http://www.w3.org/2
005/08/addressing"/>
<sp:Header Name="From" Namespace="
http://www.w3.org/2
005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="
http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="
http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="
http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="
http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="
http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlso
ap.org/ws/2005/07/securitypolicy">
<sp:Body/>
<sp:Header Name="FfeHeader" Namespace="
http://tempuri.org/"/>
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
--cut
The problematic part is the "FfeHeader" which needs to be encrypted and
signed.
All the other parts are working (as far as I can tell).
If I use wsdl2java a class file for the FfeHeader-Type is generated but
I
can find a way how to add it to my request. Thus the resulting request
contains no such header and therefore the server fails to understand my
request:
--cut
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object
reference not set to an instance of an object.
--cut
I only know the following way to add a custom header to my request:
--cut
ObjectFactory of = new ObjectFactory();
List<Header> headersList = new ArrayList<Header>();
// HeaderType is the generated class for FfeHeader
HeaderType type = of.createHeaderType();
// call several setters on 'type'
[...]
Header ffeHeader = new Header(new QName("http://tempuri.org";,
"FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
headersList.add(ffeHeader);
client.getRequestContext().put(Header.HEADER_LIST, headersList);
--cut
But this way the FfeHeader is neither signed nor encrypted and the call
fails with exact the same error message.
I would appreciate any kind of help.
Thanks
Martin
--
FERNAUSOFT GmbH
Gartenstraße 42 - 37269 Eschwege
Telefon (0 56 51) 95 99-0
Telefax (0 56 51) 95 99-90
eMail [email protected]
Internet http://www.fernausoft.de
Handelsregister Eschwege, HRB 1585
Geschäftsführer: Axel Fernau, Ulrich Fernau, Martin Fernau
Steuernummer 025 233 00041
USt-ID-Nr. DE 178 554 622
--
FERNAUSOFT GmbH
Gartenstraße 42 - 37269 Eschwege
Telefon (0 56 51) 95 99-0
Telefax (0 56 51) 95 99-90
eMail [email protected]
Internet http://www.fernausoft.de
Handelsregister Eschwege, HRB 1585
Geschäftsführer: Axel Fernau, Ulrich Fernau, Martin Fernau
Steuernummer 025 233 00041
USt-ID-Nr. DE 178 554 622
