Some more questions
May I ask how would you know the request message is correct one? Do you
ever test it in SMX 3.x?
If not, what I can suggest here first is
write your testcase based on cxf-ws-security demo shipped with FUSE
ESB(which is based on Apache Servicemix, you can find the latest
releasedkit from [1])
write a java client which can work with SAs you deployed in SMX3, like
we do in cxf-ws-security, and dump the onwire soap request message, so
that you know the request message is correct.
Ensure the testcase working in SMX3 is a good start to porting it in SMX4
Btw, your testcase seems miss
org.apache.cxf.binding.soap.saaj.SAAJInInterceptor, which is necessary
when use ws-security
[1]http://repo.open.iona.com/maven2/org/apache/servicemix/apache-servicemix/3.3.1.17-fuse/
Thanks
Freeman
saravanan.t wrote:
Please see attached. I have upated the readme file to reflect the changes I
made, added the saaj-impl bundle.
Freeman Fang wrote:
Hi,
I assume your test is based on the cxf-ws-security demo from FUSE ESB
kit, right?
Would you please send your testcase(with a README) to me and I can do a
quick test.
Freeman
saravanan.t wrote:
This is my client request:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:typ="http://servicemix.apache.org/samples/wsdl-first/types";>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<wsse:UsernameToken wsu:Id="UsernameToken-21566635"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<wsse:Username>smx</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";>nLk0R9C8jmaHBMwFq74GuweJbQs=</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<typ:GetPerson>
<typ:personId>1</typ:personId>
</typ:GetPerson>
</soapenv:Body>
</soapenv:Envelope>
The password is the same as the one on users.properties file. Is this
correct?
I also noticed this:
java.lang.NoClassDefFoundError: org/opensaml/SAMLException
only on the console!
I also realised that wss4j bundle imports org.opensaml optionally. Do i
need
this saml bundle..? I cannot seem to find that bundle from smx repo
though.
Freeman Fang wrote:
The error shows client request can't be authenticated correctly.
How you send client request?
saravanan.t wrote:
packaging the saaj.impl jar inside the cxf-bc su didn't help. when i
tried
copying the org.apache.servicemix.bundles.saaj-impl-1.3_1.jar bundle
into
the deploy folder, i got this fault:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
<soap:Body>
<soap:Fault>
<faultcode
xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:InvalidSecurity</faultcode>
<faultstring>An error was discovered processing the
<wsse:Security> header</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
Freeman Fang wrote:
quick question:
Do you have saaj-impl bundle installed already?
Freeman
saravanan.t wrote:
Thanks for your quick response!
I did try adding the dependency on saaj in cxfbc-su pom like this:
<dependency>
<groupId>com.sun.xml</groupId>
<artifactId>saaj-impl</artifactId>
<version>1.3</version>
</dependency>
I could see the saaj-impl jar file in that su zip file.
But, i still seem to get the same error. is it with the version?
Freeman Fang wrote:
Hi,
Seems your consumer su miss saaj-impl dependency.
Freeman
saravanan.t wrote:
Hello,
I have been playing with SMX4 for few days now and I started liking
it
already, as it nicely integrates the best 3 things: spring, osgi &
JBI
(in
addition to Camel/AMQ/CXF and others).
Thanks to you guys for a great job!
The question I had is related to enabling ws-security to a service
on
CXF.
To understand this, I thought it is good to take the shipped
cxf-wsdl-first
example and try to make it ws-security enabled by:
adding WSS4J interceptor on cxf-bc su:
<code>
<beans xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0";
xmlns:person="http://servicemix.apache.org/samples/wsdl-first";>
<cxfbc:consumer wsdl="classpath:person.wsdl"
targetService="person:PersonService"
targetInterface="person:Person">
<!-- WS-Security interceptors -->
<cxfbc:inInterceptors>
<ref bean="wss4jin"/>
</cxfbc:inInterceptors>
</cxfbc:consumer>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
id="wss4jin">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordDigest" />
<entry key="passwordCallbackClass"
value="org.apache.servicemix.samples.wsdl_first.ServerPasswordCallback"/>
</map>
</constructor-arg>
</bean>
</beans>
</code>
and then testing it on soap-ui client with:
<code>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:typ="http://servicemix.apache.org/samples/wsdl-first/types";>
<soapenv:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:UsernameToken
wsu:Id="UsernameToken-2956574"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsse:Username>smx</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";>7vBUrC3FJYywtWp2S9t6RKgT0GQ=</wsse:Password><wsse:Nonce>XCTIgEZbX0l9qJQl2nXEkg==</wsse:Nonce><wsu:Created>2009-04-14T11:03:09.342Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
<soapenv:Body>
<typ:GetPerson>
<typ:personId>1</typ:personId>
</typ:GetPerson>
</soapenv:Body>
</soapenv:Envelope>
</code>
but the response is:
<code>
<faultcode>soap:Client</faultcode>
<faultstring>Problems creating SAAJ object
model</faultstring>
</code>
Any idea what i am missing...?
Thanks!
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
http://www.nabble.com/file/p23055692/cxf-wsdl-first.rar cxf-wsdl-first.rar
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
