My situation has two WSDLs: a and b.
Both use the same keystore which contains two Trusted Cert Entries and a
Private Key Entry (x.509 cert). This key is supposed to be used to sign and
encrypt the messages.
Calling the a::authentication.authenticate method should be over https, signed
and encrypted with the cert as mentioned above. NO user credentials are
supplied. A session token is returned if all is well.
The session token, along with a user name and password are to be passed into
all calls for WSDL b, using the same cert for signing and encryption.
I created two maven projects, one for each WSDL, using the cxf-codegen-plugin
(3.1.10). Each has a /META-INF/cxf/ folder with client-crypto.properties, a
cfx-wsdl-a/b.xml file which is a Spring beans file with the required
jaxws:client entries for the port names, and the related key store JKS file.
Both were added to the main WAR project and in one of the Spring XML files, I
added:
<!-- set up the CXF bus -->
<import resource="classpath:META-INF/cxf/cxf.xml" />
<cxf:bus>
<cxf:features>
<p:policies />
<cxf:logging />
</cxf:features>
</cxf:bus>
<import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml" />
<import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
And at boot time, spring finds those files and creates the beans. So no error
THERE.
Calling the constructor for the service class and getting the port instance
works for WSDL a without error.
But when calling .authenticate, I continually get the following. What gives?
There isn't a SecurityTokenService listed in the a or b wsdl. I have no idea if
the port name matches the syntax below
({http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService) or not.
Feb17 08:17:37.735 WARN [PhaseInterceptorChain ][::] - Interceptor for
{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected.
Potential cause: Make sure jaxws:client element with name attribute value
matching endpoint port is defined as well as a security.signature.properties
element within it.
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
[cxf-core-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861)
[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198)
[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81)
[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50)
[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
[cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
[cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
at
txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178)
[VlsBusiness.class:na]
...
Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration
could not be detected. Potential cause: Make sure jaxws:client element with
name attribute value matching endpoint port is defined as well as a
security.signature.properties element within it.
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1821)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.java:388)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:319)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:269)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:159)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
... 270 common frames omitted
Feb17 08:17:37.788 WARN [PhaseInterceptorChain ][::] - Interceptor for
{http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected.
Potential cause: Make sure jaxws:client element with name attribute value
matching endpoint port is defined as well as a security.signature.properties
element within it.
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
~[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
[cxf-core-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
~[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
[cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
[cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
at
txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178)
[VlsBusiness.class:na]
