I am trying to generate a SOAP request using Apache CXF WS-Security similar to
the following request(I generated it using SoapUI) :
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<ds:Signature Id="SIG-xxx"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";>
<ec:InclusiveNamespaces PrefixList="soapenv"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#xxxx">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";>
<ec:InclusiveNamespaces PrefixList=""
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xxxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxxx
</ds:SignatureValue>
<ds:KeyInfo Id="xxxxx">
<wsse:SecurityTokenReference wsu:Id="xxxxx">
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>
xxxx
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-xxx"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<v3:AccountRequest
xmlns:v3="http://services.mysiste.com/V3";>
<Request>
<SearchParametersBlock>
<MktCd>
<MktCdData>
<MktCd>US</MktCd>
</MktCdData>
</MktCd>
</SearchParametersBlock>
</Request>
</v3:AccountRequest>
</soapenv:Body>
</soapenv:Envelope>
I am using the following code to generate my Java request :
Properties signatureProperties = new Properties();
signatureProperties.put("org.apache.ws.security.crypto.provider",
"org.apache.ws.security.components.crypto.Merlin");
signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.type",
"jks");
signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.file",
"server.jks");
signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.password",
"password");
signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.alias",
"myAlias");
signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.private.password",
"password");
Map<String,Object> outProps = new HashMap<>();
outProps.put(WSHandlerConstants.USER, "myAlias");
outProps.put(WSHandlerConstants.SIG_KEY_ID, "X509KeyIdentifier");
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.SIGNATURE);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ServiceKeystorePasswordCallback.class.getName());
outProps.put(WSHandlerConstants.SIG_ALGO,
"http://www.w3.org/2000/09/xmldsig#sha1";);
outProps.put(WSHandlerConstants.SIG_C14N_ALGO,
"http://www.w3.org/2001/10/xml-exc-c14n#";);
outProps.put(WSHandlerConstants.SIG_PROP_REF_ID,
"signatureProperties");
outProps.put("signatureProperties", signatureProperties);
org.apache.cxf.endpoint.Client client =
ClientProxy.getClient(this.service);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssIn);
But I am experiencing the following error : "Security processing failed
(actions mismatch)"
I traced the exception and it boils down to the following snippet
if (!checkReceiverResultsAnyOrder(wsResult, actions)) {
LOG.warning("Security processing failed (actions mismatch)");
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
}
Where actions != wsResult(it is empty)
I am not sure how to populate wsResult in this case. Any help would be greatly
appreciated
American Express made the following annotations
"This message and any attachments are solely for the intended recipient and may
contain confidential or privileged information. If you are not the intended
recipient, any disclosure, copying, use, or distribution of the information
included in this message and any attachments is prohibited. If you have
received this communication in error, please notify us by reply e-mail and
immediately and permanently delete this message and any attachments. Thank
you."
American Express a ajouté le commentaire suivant
Ce courrier et toute pièce jointe qu'il contient sont réservés au seul
destinataire indiqué et peuvent contenir des renseignements confidentiels et
privilégiés. Si vous n'êtes pas le destinataire prévu, toute divulgation,
duplication, utilisation ou distribution du courrier ou de toute pièce jointe
est interdite. Si vous avez reçu cette communication par erreur, veuillez nous
en aviser par courrier et détruire immédiatement le courrier et les pièces
jointes. Merci.
